Reputation: 1910
nodejs/socket.io with node-mysql | security confusion
So I started looking into node-mysql since my entire site is built with PHP, but I'd like to use node/socket.io for smooth asynchronous user-end updates. However there is one issue I'm seeing with node-mysql which I haven't quite gotten an answer yet. How is the login information for the mysql server not public information?
according to the documentation https://github.com/felixge/node-mysql you connect to the database like so
var mysql = require('mysql');
var connection = mysql.createConnection({
host : 'localhost',
user : 'me',
password : 'secret',
});
connection.connect();
connection.query('SELECT 1', function(err, rows, fields) {
if (err) throw err;
console.log('Query result: ', rows);
});
connection.end();
So what's stopping a user from just plopping the server file into their navigation bar and viewing the login information for the mysql server? I'm extremely confused by this, could someone please explain it to me?
Upvotes: 1
Views: 1057
Answers (2)
Reputation: 2556
Node.js is server-side JavaScript. You would place those files in a similar place that you place your PHP files, and not in a publicly accessible location.
You run your Node application, which serves up the public HTML/CSS/JS files you want (or alternatively, serialized data such as that in JSON form).
Upvotes: 6
Related Questions
- How to access mysql database with socket.io
- Connecting to Internal MySQL Server
- NodeJS + Socket.IO + Mysql
- Socket.io Security Issues
- Socket.io and MySQL Connections
- Node.js security
- Socket.IO Client Security
- SocketIO + MySQL Authentication
- Socket.io, Security and Multiplayer
- Node.js and global MySQL connection OBJ