On Wed, Dec 7, 2016 at 6:03 PM, Bill Klein <[email protected]> wrote: > I have a bug in my node server that I'm trying to track down. Unfortunately > it happens rarely and, so far, only on production. > > Therefore, I would like to be able to attach a debugger to my server > retrospectively, after the problem occurs. > > What are the implications of running a production node server with the > --debug argument (without an attached debugger)? Performance? Security? > > Thanks.
Depending on the node version, the debugger listens either on 127.0.0.1 or 0.0.0.0. Address 0.0.0.0, a.k.a. the 'any' address, is a security liability if TCP ports 5858 and 9229 are accessible from the internet. The latest node v4 and v6 support `--debug=127.0.0.1:5858` syntax. Node v7 does too but it listens on 127.0.0.1 by default (v4 and v6 listen on 0.0.0.0.) Performance-wise --debug doesn't make a difference until the debugger is activated. When you stop debugging, the program resumes running at full speed again. Debugged functions are deoptimized but are optimized again through the usual process. -- Job board: http://jobs.nodejs.org/ New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/CAHQurc_AUvAK7XVCT_RbcGrmHofEa-U9U-PPipW8VxwByqODLA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
