UNPKG

node-red-camunda8

Version:

Camunda 8 nodes for Node-RED

github.com/Umbrella-Corp/node-red-camunda8

Umbrella-Corp/node-red-camunda8

48 lines (34 loc) 1.55 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# Security Considerations ## Input Validation All nodes now include proper input validation to prevent: - Processing of invalid or malformed payloads - Injection attacks through unsanitized inputs - Runtime errors from missing required fields ## Authentication & Authorization When connecting to Zeebe: - Always use OAuth authentication in production environments - Store credentials securely using Node-RED's credential system - Use TLS/SSL connections when available - Regularly rotate authentication tokens ## Error Handling - Error messages are sanitized to prevent information disclosure - Detailed error information is logged securely - Node status provides user-friendly feedback without exposing sensitive data ## Resource Management - Workers are properly closed to prevent resource leaks - Connections are managed efficiently - Timeouts are configured to prevent hanging connections ## Monitoring & Logging - All security-relevant events are logged - Connection status is monitored and reported - Failed authentication attempts should be tracked ## Best Practices 1. Keep the zeebe-node dependency updated 2. Use environment variables for sensitive configuration 3. Implement proper network security between Node-RED and Zeebe 4. Monitor for unusual activity patterns 5. Regular security audits of the deployment ## Vulnerability Management - Run `npm audit` regularly to check for known vulnerabilities - Update dependencies promptly when security fixes are available - Subscribe to security advisories for Node-RED and Zeebe