Secure Database Connectivity in node.js with mysql
Hi Everyone!
During this process our keys are visible after inspecting page everyone can view these keys that should be secrete.
Now we are crating our second .json file i.e. dbinfo.json which contains keys value
dbinfo.json
Now again we write dbConnection.js file but in this case we not pass these secure keys directly but also we pass these but reading from our dbinfo.json file.
like this -
dbConnection.js
Yesterday my friend Andrea from Italy asked me a question about secure Database connectivity in node.js with mysql i.e. he wants to a secure database connection in node.js for some secure keys like username,password,database name that we use during database connectivity.His problem is obviously right from security point of view as we know that JavaScript is client side scripting knowledge so it is compiled on client side so after inspecting page some one can be able to view these secure keys which I discussed previously. I surf internet and found there are various ways to solve this problem I am not discussing all of them here but also I discussing here two of them and after this discussion I think Andrea and other reader who are facing with same problem can be able to resolve their problem.
I choose two ways to solve this problem.- Connection code in app.js file
- Create a Json file
Javascript is client side language and code is compiled on client side due which many people avoided to perform connectivity inside node.js because it is framework of Javascript and due to which it also perform as client side scripting language but it contains a app.js file (which initiate connection with sever and behaves like server side scripting language), because app.js behaves like a server side scripting language so we can add our database connectivity code inside it.
Create a Json File :
this is second and interesting way to resolve this problem it is not any written rule that we can solve this problem in this way but also it is simple hack by which we can be able to resolve our problem.During this way we have two files :
- .js file -For database connection
- .json file- For storing keys that you don't want to see
At first I write dbConnection.js file for Database connection which is complete code for database connection we do regularly and then creating dbinfo.json file which secure keys and after creating it again I write dbConnection.js but in this case it contains username,password and dbname directly but also it contain these information after reading from dbinfo.json file.
dbConnection.js
var mysql=require('mysql');
var con = mysql.createConnection({
host: 'localhost',
user: 'admin',
password: 'root_123',
database:'testDb'
});
con.connect(function(err){
if(err)throw err;
console.log('connected');
var retriveData=[];
var executeQuery = con.query("SELECT * From insertinfodemo", function (err, result, fields) {
if (err) throw err;
console.log(result);
});
});
Now we are crating our second .json file i.e. dbinfo.json which contains keys value
dbinfo.json
{"username":"admin", "password":"root_123", "dbname":"testDb" }
like this -
dbConnection.js
var fs=require("fs");
var mysql = require("mysql");
var username="";
fs.readFile('dbinfo.json',function(err,data){
if(err)console.log(err);
username=JSON.parse(data).username;
pass=JSON.parse(data).password;
db=JSON.parse(data).dbname;
var con = mysql.createConnection({
host: 'localhost',
user: username,
password: pass,
database:db
});
con.connect(function(err){
if(err)throw err;
console.log('connected');
var retriveData=[];
var executeQuery = con.query("SELECT * From insertinfodemo", function (err, result, fields) {
if (err) throw err;
console.log(result);
});
});
});
Comments
Post a Comment