4 comments

[ 4.6 ms ] story [ 16.4 ms ] thread
Everyone should start using this module for remote method invocation in node.js!
This is the kind of thing that makes server-side js more compelling - bridging the language gap between the client and the server.

This particular approach seems to have some security implications though. What's to prevent a client from sending malicious code to the server?

The client doesn't send code to the server, just a JSON representation of the function arguments (which can include names of client-side callback functions). There's no eval.
Thanks for this response and the parent question too. I updated the article to make this point more clear.