Best solution on server-side with javascript framework on front end

Hi,

I would like to create a web portal using JavaScript frameworks like Backbone.js, Angular.js and so on…
However, to access the database on the server side, JavaScript is not secure enough, and I guess I need to use PHP to retrieve data from the DB and present it to the JavaScript frameworks.

Therefore I would like to know if this is the best solution for a server-side programming language (I mean PHP) to use with JavaScript frameworks, or if something else exists?

My concern is about the security of the data and the transfer of data from the DB to the front end (to the JavaScript frameworks).

thx

Anything you use will be as secure or insecure as you make it. JavaScript can be used server side (in the form of Node.js or similar) just as PHP or similar languages can.

But AFAIK JavaScript is executed on the client side, so the code is easy to read, while PHP is executed on the server side and therefore only the result of the PHP code is available (if files and directories have the correct access rights set up).

Client-side JS is executed in the browser as you say, but server-side JS (i.e. Node) is executed on the server and is as secure as PHP or any other server-side language.

Your visitor can turn JavaScript OFF in the browser so you need to perform all VALIDATION and SANITISATION on the server even if you do duplicate some or all of it in the browser using JavaScript.

VALIDATE all user inputs.
SANITISE all other inputs.

That way you ensure that the server side processing is using valid data (or at least data that is potentially valid and so can at worst result in adding junk to the database).
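
The server-side check described in the post above, as an added example that is not part of the original thread: a function a Node.js request handler could call on the JSON body exactly as received, whatever validation the browser code did or did not run. The field names, the limits and the `orders` table are hypothetical.

```javascript
// Added example: validate a JSON body on the server before it reaches the database.
// Field names, limits and the table name are hypothetical.
const MAX_BODY_CHARS = 2048;

// One rule per accepted field; anything not listed here is rejected.
const RULES = {
  email:    v => typeof v === 'string' && v.length <= 254 && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v),
  quantity: v => Number.isInteger(v) && v >= 1 && v <= 100,
  note:     v => v === undefined || (typeof v === 'string' && v.length <= 200),
};

function validateOrder(rawBody) {
  if (typeof rawBody !== 'string' || rawBody.length > MAX_BODY_CHARS) {
    return { ok: false, errors: ['body missing or too large'] };
  }
  let data;
  try {
    data = JSON.parse(rawBody);
  } catch (e) {
    return { ok: false, errors: ['body is not valid JSON'] };
  }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, errors: ['body must be a JSON object'] };
  }
  const errors = [];
  // Reject fields the server does not expect (for example an injected "isAdmin").
  for (const key of Object.keys(data)) {
    if (!Object.prototype.hasOwnProperty.call(RULES, key)) errors.push('unexpected field: ' + key);
  }
  // Check type and range of every expected field; "2" is not accepted as 2.
  for (const [key, check] of Object.entries(RULES)) {
    if (!check(data[key])) errors.push('invalid field: ' + key);
  }
  if (errors.length) return { ok: false, errors };
  // Validated values are passed as bound parameters, never concatenated into SQL text.
  return {
    ok: true,
    query: {
      text: 'INSERT INTO orders (email, quantity, note) VALUES (?, ?, ?)',
      params: [data.email.toLowerCase(), data.quantity, (data.note || '').trim()],
    },
  };
}
```
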

I always learned that JS works on the client side, so in what way is the Node.js framework different from standard JavaScript, to run ONLY on the server side?
By the way, JS always has a problem with security, so how did they fix that in Node.js?

I can’t use a JS framework that is weak in security… I don’t want my web portal to be hacked, as I will have a payment gateway like PayPal or other.

For a long time JS was confined to running within the browser (i.e. client-side) but then people took a JS engine (the software that interprets and executes JS) and implemented it on the server-side, creating Node.js. The problem with JS on the client-side is that anyone can view-source on your page and read your code - so any passwords, for example, would be there for all to see. With Node, your JS is stored and executed on the server… the end-user never has the opportunity to view the program’s source code. A node server is essentially a black box, in the same way that a PHP or Ruby server is… you can put things in, and you can see what comes back out, but what goes on inside is hidden from view.

As far as front-end JS frameworks go, I know that Backbone is in-use by many companies, including Sony Entertainment, which wouldn’t be the case if there was some inherent problem with security.

Microsoft supported server-side javascript years ago (1996), though technically Jscript isn’t javascript. Surprisingly, according to this, server-side javascript first appeared 19 years ago! http://en.wikipedia.org/wiki/JavaScript#Server-side_JavaScript

As to reading server-side script files, I wonder if node.js allows for “outside of root”. For example, if the PHP engine fails, script files can be seen as plain text unless they are outside of the root. Do you know if node.js also allows for such a set-up?

That’s interesting… I wasn’t aware of Netscape Enterprise Server! I wonder why server-side JS didn’t take off at the time?

With PHP, you’re always serving it via a webserver such as Apache or Nginx, but a Node app usually functions as its own server*, dealing directly with incoming requests. If the server goes down, no static files get served up as there’s nothing to respond to the request.

*You can pass through requests to a Node.js app from servers like Apache, but my understanding is that it’s not common to do so.