Joseph

Reputation: 733

Using Node and Mysql

I am working on an Angular app with PHP as the backend, which does the data processing with MySQL. Recently I found out about the node-mysql plugin for Node.js, which communicates with MySQL through JS.

After reading the documentation provided there, I have a question that I want to ask here, and I need some enlightenment from all of you.

According to the documentation, we have to declare the connection in a JS file as

var mysql      = require('mysql');
var connection = mysql.createConnection({
  host     : 'localhost',
  user     : 'me',
  password : 'secret',
  database : 'my_db'
});

connection.connect();

connection.query('SELECT 1 + 1 AS solution', function(err, rows, fields) {
  if (err) throw err;

  console.log('The solution is: ', rows[0].solution);
});

connection.end();

By providing all the sensitive database login data in JS, will it be a big security hole? If yes, how can I prevent it?

And the query will be done through the JS file as well

var mysql = require('mysql');
var pool  = mysql.createPool(...);

pool.getConnection(function(err, connection) {
  // Use the connection
  connection.query( 'SELECT something FROM sometable', function(err, rows) {
    // And done with the connection.
    connection.release();

    // Don't use the connection here, it has been returned to the pool.
  });
});

Does that mean that an attacker can easily find out what query we use to query the database? Unlike a server-side language like PHP, where we just call the PHP file together with the params.

Is it safe to use this driver on Node.js?

Sorry for being a newbie with such questions.

Upvotes: 1

Views: 515

Answers (1)

Bayu

Reputation: 2644

Node JS is server side too. Node JS using JavaScript for coding does not mean it will be exposed to your client's browser. It is only seen on the server side and stands as the backend that gives responses to client browser requests.

For a simple explanation, just imagine Node JS as a PHP server, but in the JavaScript language and without needing an Apache server. Of course they have different behavior and many different features. You had better read some tutorials about how Node JS works first and try it yourself before reading advanced tutorials.

Upvotes: 1
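
The server-side boundary described in the answer, as an added example that is not part of the original question or answer: the browser sends only an `id` parameter and receives only JSON rows, while the credentials and the SQL text stay in the Node process. The `DB_*` environment variable names, the `id` column, and the function names `loadDbConfig`, `sendJson`, `createHandler` and `startServer` are assumptions made for this example.

```javascript
const http = require('http');

// Credentials come from the server's environment, not from the source file.
// The DB_* variable names are assumptions made for this example.
function loadDbConfig(env) {
  const cfg = { host: env.DB_HOST, user: env.DB_USER,
                password: env.DB_PASSWORD, database: env.DB_NAME };
  for (const [key, value] of Object.entries(cfg)) {
    if (!value) throw new Error('missing database setting: ' + key);
  }
  return cfg;
}

function sendJson(res, status, body) {
  res.writeHead(status, { 'Content-Type': 'application/json' });
  res.end(JSON.stringify(body));
}

// `pool` is anything with node-mysql's query(sql, values, callback) shape.
// The SQL text exists only in this server-side file; the `id` column is assumed.
function createHandler(pool) {
  return function (req, res) {
    const id = Number(new URL(req.url, 'http://localhost').searchParams.get('id'));
    if (!Number.isInteger(id) || id < 1) return sendJson(res, 400, { error: 'bad id' });
    // "?" placeholder: the driver escapes the value, the browser never sends SQL.
    pool.query('SELECT something FROM sometable WHERE id = ?', [id], function (err, rows) {
      // On failure, return a generic message instead of the driver error or query.
      if (err) return sendJson(res, 500, { error: 'internal error' });
      sendJson(res, 200, rows);
    });
  };
}

// Wire it up with the real driver (requires the mysql package and a database).
function startServer(port) {
  const pool = require('mysql').createPool(loadDbConfig(process.env));
  return http.createServer(createHandler(pool)).listen(port);
}
```

Calling `startServer(3000)` needs the `mysql` package installed and the four `DB_*` variables set in the server's environment.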
