
I am working on an Angular app with PHP as the backend that does the data processing to MySQL. Recently I found out about the node-mysql plugin for Node.js, which communicates with MySQL through JS.

After reading the documentation provided there, I have a question which I want to ask here, and I need some enlightenment from all of you.

According to the documentation, we have to declare the connection in a JS file as

var mysql      = require('mysql');
var connection = mysql.createConnection({
  host     : 'localhost',
  user     : 'me',
  password : 'secret',
  database : 'my_db'
});

connection.connect();

connection.query('SELECT 1 + 1 AS solution', function(err, rows, fields) {
  if (err) throw err;

  console.log('The solution is: ', rows[0].solution);
});

connection.end();

By providing all the sensitive database login data in JS, will it be a big security hole? If yes, how can I prevent it?

And the query will be done through the JS file as well

var mysql = require('mysql');
var pool  = mysql.createPool(...);

pool.getConnection(function(err, connection) {
  // Use the connection
  connection.query( 'SELECT something FROM sometable', function(err, rows) {
    // And done with the connection.
    connection.release();

    // Don't use the connection here, it has been returned to the pool.
  });
});

Does that mean that an attacker will easily find out what query we use to query the database? Unlike a server-side language like PHP, where we just call the PHP file together with the params.

Is it safe to use this driver on Node.js?

Sorry for being a newbie with such questions.

  • 1
    mysql.createConnection(require('./config.json'))... Commented Jun 15, 2016 at 2:14
  • 1
    It's really intended for use on the server side, where Node.js is running the server application like you're accustomed to with PHP. It is not intended for use on the client browser. Commented Jun 15, 2016 at 2:14
  • Michael is right, that file lives and runs on your server, it shouldn't be exposed publicly. Commented Jun 15, 2016 at 2:15
  • Generally you would not expose the MySQL database server to outside access (which would be necessary if you wanted to connect JS browser clients to it). In most circumstances, the MySQL server's listening TCP port is only available to its local interface or a very restricted set of connecting client IP addresses. Commented Jun 15, 2016 at 2:17
  • 1
    I don't really know what example to give - often when one talks about Node.js, the context is node running on the server. That is not JavaScript code which gets included inside a web page and executed by the browser. Instead it is working just like (or in place of) PHP - the server executes the JS, does any database transaction, and transmits the result to the requesting browser as prepared HTML or JSON for example. The browser never gets access to the .js files. Commented Jun 15, 2016 at 2:19

1 Answer

Node JS is server side too. Node JS using JavaScript for coding does not mean it will be exposed to your client's browser. It is only seen on the server side and stands as the backend that gives responses to client browser requests.

For a simple explanation, just imagine Node JS as a PHP server but in the JavaScript language, and it doesn't need an Apache server. Of course they have different behavior and many different features. You had better read some tutorials about how Node JS works first and try it yourself before reading advanced tutorials.


6 Comments

Okay, now I get the idea of Node.js, but how do I call the JS file residing on the server through the browser?
In my experience, just make a file, for example server.js, then if you have Node JS installed just run from the console/shell: node server.js and it will execute your JS file. Then you can open it from your client browser by its port. If your server.js is set to listen on port 80, you can just open it by its IP, e.g. http://192.168.0.1, but if you are using a different port you must specify the port in the browser address, e.g. http://192.168.0.1:3000
Thanks, I think I have to find good documentation for Node.js and how to implement it with Angular on the client side.
For additional information, you must always restart the Node JS server every time you make changes to the server.js file. Unlike PHP, which always automatically runs the script without a server restart. Please check this for a simple start with your first Node JS test server: blog.modulus.io/build-your-first-http-server-in-nodejs
Hey, you just mentioned Angular. Currently I also have a big interest in it. After you understand Node JS, you may check this link for the implementation of Angular and Node JS: scotch.io/tutorials/… . It seems we need to play with Angular routes for communicating with the Node JS API. Good luck with Angular & Node JS.
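An added example (not part of the original question, answer or comments) of the server-side arrangement the thread describes: credentials are read on the server, the SQL stays in the handler, and the browser receives only JSON. The route `/api/users/:id`, the `users` table, the `DB_*` variable names and the in-memory `fakeDb` are assumptions made for this sketch; with node-mysql the `db` argument would be a pool from `mysql.createPool(...)`.

```javascript
// Credentials come from the server's environment, never from files sent to browsers.
// The DB_* names are assumptions for this example.
function dbConfigFromEnv(env) {
  const missing = ['DB_HOST', 'DB_USER', 'DB_PASSWORD', 'DB_NAME'].filter(k => !env[k]);
  if (missing.length) throw new Error('missing settings: ' + missing.join(', '));
  return { host: env.DB_HOST, user: env.DB_USER, password: env.DB_PASSWORD, database: env.DB_NAME };
}

// db is anything with node-mysql's query(sql, values, callback) shape.
// Real wiring: http.createServer(createApp(pool)).listen(3000)
function createApp(db) {
  return function handler(req, res) {
    const url = new URL(req.url, 'http://localhost');
    const match = /^\/api\/users\/(\d+)$/.exec(url.pathname);
    if (req.method !== 'GET' || !match) {
      // Only the API route exists; server.js and the config are never served.
      res.writeHead(404, { 'Content-Type': 'application/json' });
      return res.end(JSON.stringify({ error: 'not found' }));
    }
    // The ? placeholder keeps the client-supplied id out of the SQL text.
    db.query('SELECT id, name FROM users WHERE id = ?', [Number(match[1])], (err, rows) => {
      if (err) {
        console.error(err); // details stay in the server log
        res.writeHead(500, { 'Content-Type': 'application/json' });
        return res.end(JSON.stringify({ error: 'internal error' }));
      }
      res.writeHead(200, { 'Content-Type': 'application/json' });
      res.end(JSON.stringify(rows));
    });
  };
}

// Constructed stand-in for a pool so the example runs without a database.
const fakeDb = {
  calls: [],
  query(sql, values, cb) {
    this.calls.push({ sql, values });
    cb(null, values[0] === 1 ? [{ id: 1, name: 'alice' }] : []);
  }
};

// Drives the handler the way http.createServer would and returns what a browser receives.
function simulateRequest(handler, method, url) {
  const out = { status: null, body: '' };
  const res = { writeHead(s) { out.status = s; }, end(b) { out.body = b || ''; } };
  handler({ method, url }, res);
  return out;
}
```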