Secure Database Connectivity in node.js with mysql

Hi Everyone!
Yesterday my friend Andrea from Italy asked me a question about secure Database connectivity in node.js with mysql i.e. he wants to a secure database connection in node.js for some secure keys like username,password,database name that we use during database connectivity.His problem is obviously right from security point of view as we know that JavaScript is client side scripting knowledge so it is compiled on client side so after inspecting page some one can be able to view these secure keys which I discussed previously. I surf internet and found there are various ways to solve this problem I am not discussing all of them here but also I discussing here two of them and after this discussion I think Andrea and other reader who are facing with same problem can be able to resolve their problem.

I choose two ways to solve this problem.

  1. Connection code in app.js file
  2. Create a Json file
Connection code in app.js file :
Javascript is client side language and code is compiled on client side due which many people avoided to  perform connectivity inside node.js because it is framework of Javascript and due to which it also perform as client side scripting language but it contains a app.js file (which initiate connection with sever and behaves like server side scripting language), because app.js behaves like a server side scripting language so we can add our database connectivity code inside it.

Create a Json File :
this is second and interesting way to resolve this problem it is not any written rule that we can solve this problem in this way but also it is simple hack by which we can be able to resolve our problem.During this way we have two files :
  1. .js file -For database connection
  2. .json file- For storing keys that you don't want to see
If you don't know about Database connectivity with node.js then visit Node.js Database Connectivity with postgreSql but here I am discussing connectivity with mysql which not too much different but almost similar.
At first I write dbConnection.js file for Database connection which is complete code for database connection we do regularly and then creating dbinfo.json file which secure keys and after creating it again I write dbConnection.js but in this case it contains username,password and dbname directly but also it contain these information after reading from dbinfo.json file.
dbConnection.js

var mysql=require('mysql');

var con = mysql.createConnection({
  host: 'localhost',
  user: 'admin',
  password: 'root_123',
  database:'testDb'
});

con.connect(function(err){
    if(err)throw err;

 console.log('connected');
 var retriveData=[];
    var executeQuery = con.query("SELECT * From insertinfodemo", function (err, result, fields) {
    if (err) throw err;
    console.log(result);
   });
});
During this process our keys are visible after inspecting page everyone can view these keys that should be secrete.
Now we are crating our second .json file i.e. dbinfo.json which contains keys value 
dbinfo.json

{"username":"admin", "password":"root_123", "dbname":"testDb" }
Now again we write dbConnection.js file  but in this case we not pass these secure keys directly but also we pass these but reading from our dbinfo.json file.
like this -
dbConnection.js

var fs=require("fs");
    var mysql = require("mysql");
    var username="";
    fs.readFile('dbinfo.json',function(err,data){
 if(err)console.log(err);
  username=JSON.parse(data).username;
  pass=JSON.parse(data).password;
  db=JSON.parse(data).dbname;
    var con = mysql.createConnection({
   host: 'localhost',
   user: username,
   password: pass,
   database:db

 });
    con.connect(function(err){
    if(err)throw err;

 console.log('connected');
 var retriveData=[];
    var executeQuery = con.query("SELECT * From insertinfodemo", function (err, result, fields) {
    if (err) throw err;
    console.log(result);
   });
});
});

Comments

Post a Comment

Popular posts from this blog

Export data from mysql db to csv file using java

Image
Hi friends ! Today I am discussing about simple but very important scenario. When we create any application then during creation of application we have face many scenarios like 1.Taking information from user and storing these information inside database : Generally such type of Operation is performed by user using form application 2.Taking Data from Database and Displaying on Page : We can perform such type of Operation in various ways like using JSP,JSTL tags or you can perform such operations using JQUERY also. 3.Taking Data from Database and download it in Excel or CSV format : In this we want our data from database and store it inside Excel or text files for further use. And we have chosen third scenario from discussion for performing this Operation we have to need three files exportCsv.html  :- this contains a button for clicking and performing exporting data from database Operation ExportData.java  :- It is a servlet class which defines connectivity from databas
Keep reading

API (Application Programming Interface)

Image
Definition  1.A set of routines by which an application program can call specific programs or services of a computer operating system (OS) or network operating system (NOS). 2.A set of routines by which an application program allows another application program to work directly with it.            ( A pplication P rogramming I nterface) A language and message format used by an application program to communicate with the operating system or some other control program such as a database management system (DBMS) or communications protocol. APIs are implemented by writing function calls in the program, which provide the linkage to the required subroutine for execution. Thus, an API implies that a driver or program module is available in the computer to perform the operation or that software must be linked into the existing program to perform the tasks. Plenty of API Programming Is Done Understanding an API is a major part of what a programmer does. Except for
Keep reading