Is there a secured way of writing MySQL credentials in nodejs

pandglobal · April 12, 2023, 8:31pm

Hello house,

Am just getting to know how to connect nodejs to MySQL to preform CRUD but i have fear that the database username, password are all written in the .js file and anyone can view these files and everything in it over the browser by visiting the url of the file.
example: http://yourdomain.com/connection.js

I want to know if nodejs made provisions to hide and make some part of the code not viewable over the browser?

Or there is absolutely nothing to hide database credentials?

rpg_digital · April 12, 2023, 11:15pm

This is a late night somewhat sketchy answer, but I think the standard way is to use dotenv. You then store your credentials in a .env file.

how-to-use-node-environment-variables-with-a-dotenv-file-for-node-js-and-npm

Thallius · April 13, 2023, 7:37am

Normally nodejs is running on port 3000 or similar. These ports should not be accessible from outsite the server. So you cannot access any of your .js files with a browser. That’s why you need a router in nodejs to tell node which commands/Pages you want to make public to port 80 or similar.

pandglobal · April 13, 2023, 8:20am

this link is broken or page removed

pandglobal · April 13, 2023, 8:26am

I don’t know what router is, and am using the nodejs app on my webhosting that only have these option, create, stop, restart and destroy, just like many in cpanel.
And i juts create new node and name the index.js file.

Then i went to my browser and visited the url and everything in my index js displayed.

How can I install these router?
How can tell Nodejs which file is public and which file is not?

rpg_digital · April 13, 2023, 12:31pm

Link fixed

pandglobal · April 13, 2023, 5:29pm

Thanks i think the solution is environment variables, as .env files are not viewable over the browser.

Thanks alot

negigulshan903 · April 26, 2023, 2:07pm

Hello this is Gulshan Negi
Well, it is not recommended to include sensitive information such as database credentials directly in JavaScript files that are accessible from the client side in a Node.js application. Instead, you should use best practices such as storing sensitive information in environment variables, using a separate configuration file, setting appropriate file permissions, implementing authentication and authorization mechanisms, and using HTTPS to encrypt data transmission. In order to safeguard sensitive data within your Node.js application, it is absolutely necessary to regularly review and update your security measures. Keep in mind that security is an ongoing process, and in order to safeguard your application and its data, it is essential to remain vigilant and adhere to industry best practices.
Thanks

system · July 26, 2023, 9:07pm

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.