2

This may seem like a dumb question, but I dont understand why you would write SQL queries in your JavaScript files. Can’t JavaScript files be seen by the client? So if you have something like:

var mysql      = require('mysql');
var connection = mysql.createConnection({
host     : 'localhost',
user     : 'foo',
password : 'bar',
database : 'db'
});

connection.connect();

connection.query('SELECT * from table', function(err, rows, fields) {
if (!err)
console.log('The query returned ' + rows);
else
console.log('An error occurred.');
});

// rest of js code

Isn’t this a security issue? Someone please educate me.

Improve this question
2
  • If you don't serve them - how can you see their contents? Commented Jul 29, 2016 at 6:08
  • Javascript is just a language, if the code is only running on the server in node.js, it is never seen by the client Commented Jul 29, 2016 at 6:11

1 Answer 1

Reset to default
4

If this is somehow deliberately being sent to the client as JavaScript for the browser, such as within a <script> tag, absolutely, it can be seen. It can also be altered.

If this is Node.js code that is running inside a Node.js process, there's no way for the client to get this code unless you do something completely reckless like deploy your application in a location that's a "web mount", that is where there's a directory index of all files published inadvertently by your web server that someone could click on and explore, or where they might guess the name like index.js or app.js to see what comes up.

Just because something's JavaScript doesn't mean it's intended for use in a browser, nor that it has to run in a browser at all.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

@tadman So suppose I have a node directory in my project root that contains all my node.js files. How would a client be unable to peak at the contents contained within? Is this done through htaccess or something?
Unless you've deliberately set up your Node project as a virtual host with the document set to the Node source code, or you've gone out of your way to get your Node app to serve up itself for some reason, this is not a problem. How would a client be able to get these source files is the question you should be asking.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.