I'm unsure if I'm asking the right question here. I apologize in advance for my ignorance, I'm only a year into teaching myself full stack JS and web app architecture and I'm trying to understand this on a granular level. Previous attempts to ask this question seem to offend some devs, so maybe it's a dumb question.
I'm trying to understand how to, or if its possible to, explicitly designate or assign a specific file or block of javascript to process/run/execute on a server vs on the client/browser.
Writing some javascript in a an app.js file and running node app.js seems to still expose that script to the browser, viewable in the Sources tab in Dev Tools.
PHP is interpreted by a server and then sends static HTML to the client. Is this "pre-processing", the equivalent of Server Side Rendering with Javascript App frameworks? Or Is writing a .php file inline with HTML server-side (like you'd see in Wordpress) more equivalent to inline javascript client side? And there is a different method to have JS interpreted server-side?
I've been reading about GENERATE_SOURCEMAP, but that seems more like it's used to hide client-side JS modules.
Other possible wordings of this question
How to not expose server side Javascript to the client?
How to run/execute Javascript on a server vs in browser?
I am NOT ASKING for the definition of server-side vs client-side JS, or for suggestions of server side application frameworks.
Again, I think i've confused myself or missing something very basic. Maybe the only answer is to segment your private web application from your client application and access via API. Thank you for any help.
Summary: Your JavaScript executed by the node daemon on the server side is not visible on the client side, the only thing visible is the output of your JS.
When you create a file with the .php extension you need an executable that executes this file, to return the result to the client to render it.
For example :
create a php file index.php with the following syntax:
<?php
echo '<script>console.log("HelloWorled")</script>'
?>
to run this file, you need the PHP daemon (the php interpreter) to run the file to get this output <script>console.log("HelloWorled")</script>
next; the output will be returned to the client to be execute on client browser;
In the case of PHP this operation is managed directly by the http server such as nginx via this configuration:
server{
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php<version>-fpm.sock;
}
}
which you will find inside the /etc/nginx/sites-available/default file
This rule simply tells nginx to make all files with the .php extension go through the php proxy to be executed and then return only the result of the execution to the client.
You have to imagine the exact same thing with nodejs.
I created an index.js file with the following syntax :
....
process.write( '<script>console.log("HelloWorled")</script>');
....
running the file with node index.js you will just get the output <script>console.log("HelloWorled")</script> which your server (e.g. expressJS) will send back to the client to run it client side to get los same result of the php code.
NOTES :
YOU DON'T NEED TO EXPOSE YOUR JS CODE, YOU NEED ONLY A PROXY TO SERVER IT Like PHP WITH NGINX (read more about expressJS and the other nodejs servers frameworks).
IF you need to expose a client side scripts,images,styles, you need to specify it in your proxy configuration
Related
I'm trying to start a python script that will parse a csv file uploaded from the UI by the user. On the client side, how do I make a call to start the python script (I've read AJAX http requests work)? And then secondly, how do I take the user input (just a simple user upload with the HTML tag) which will be read by the python script?
The back end python script works perfectly through the command line, I just need to create a front end for easier use.
Many (if not all) server side technology can solve your problem: CGI, Java Servlet, NodeJS, Python, PHP etc.
The steps are:
In browser, upload file via AJAX request.
In server, receive file sent from browser, save it somewhere in server disk.
After file is saved, invoke your python script to handle the file.
As your current script is written by Python, I guess Python is the best choice for server side technology.
I know there are many similar questions on the internet but none of them could solve my doubt. So pardon me. About my project. I have a java file or program that takes a string , encrypts it and then returns the encrypted string to me.
I want to include or keep this java file (.jar file) on the webpage or the client-side. Now I know that we can upload this java program on server side and then easily communicate with it instead of calling keeping it on client-side which most people consider a bad practice.
But my purpose of keeping this jar file on the client side is that JavaScript code for encryption can be easily seen if we inspect element, so compared to it .jar file is more secure and one cannot see underlying encryption code and also if in case the there is network loss then instead of typing the entire string again and getting it encrypted again from the server, I want to save that string in such situation, get it encrypted from the jar file on the client-side so that once network problem is solved I don't need to retype whole message again and then I can directly send the message or the string to the other end or to other user on the network.
So for this I need help regarding how can I store my .jar file on webpage or client-side and then how to call methods from the .jar file using JavaScript. I know applets are deprecated, chrome does not support java. I have also seen some examples on internet like https://docs.oracle.com/javase/tutorial/deployment/applet/invokingAppletMethodsFromJavaScript.html but Its not working properly for me.
So I am in search of some ideal method by which I can first of all include or upload .jar file on client-side and then a method by which I can call java methods from .jar file using JavaScript. Please help... My earnest request...!
JavaScript code for encryption can be easily seen if we inspect element
I'm assuming you mean embedded Javascript here. Because you can refer to an external JS files which are located on the web server, not the client machine.
The browser may cache your script file somewhere locally but if one were bothered enough to dig it up, he might as well decompile your jar file which is much more easier.
Java can easily be decompiled. A jar file on the client will not be more secure than client-side JavaScript.
An encryption method that is compromised by looking at its code is not secure.
You seem to have many misconceptions... here are some facts for you to consider:
A JAR file (as either an application, WebStart or applet) running on client-side is NOT secure. If it runs on my computer, I can do anything I want. I can download the JAR file and decompile it. It's no better than JavaScript in this regard, it just takes slightly more effort and knowledge.
To protect data between client and server, you can simply use HTTPS and POST the data from web page to your server.
If client is encrypting data to you, there should be nothing to hide about the encryption process. The client generates a session key to encrypt the data, then wrap that session key by your server's public key. Then client send both encrypted data and wrapped session key to your server. Read more about Public Key Infrastructure (PKI): https://en.wikipedia.org/wiki/Public_key_infrastructure
By default a Java applet/WebStart is not granted access to disk. You must sign it to write data to disk, and user/security policies can still deny granting those access rights. (Applet - Unable to write file)
As you are aware of it, applet/WebStart is dying because of browsers rejecting plugins. There's Web Cryptography API (it's not mature, and there's no hardware support), you can try that instead. https://www.w3.org/TR/WebCryptoAPI/
I apologize for what might seem like a really dumb question based on a limited of Node.js but please know I am attempting to learn all I can. That being said, as I understand it, Node.js is similar to Apache or IIS. What types of files does it actually serve though (ASP, ASP.NET, PHP, HTML, etc.)?
My IMPRESSION is that it serves JavaScript and HTML by recommendation? In such a case, if I write a JavaScript file used on the server side to write data to my database, is my code exposed to the end user?
My scenario for example is that I would write an HTML5 page with JavaScript to write to a database but if that is served by Apache or IIS then both the HTML and JavaScript have their code exposed. How does this work with Node.js, do I need to stay with PHP for securing my code?
Thank you!
As long as the server-side javascript isn't served to the requesting user you're safe. So no, the database stuff within nodejs won't be served.
That's like asking if PHPs or javas database code get served if someone requests a page (only if the code is read and echoed).
Node.js is a server-side scripting language with modules for interacting with HTTP requests and responses.
You can serve literally any kind of file with Node (as you could with other server-side scripting languages), and in fact, probably want to go out of your way not to let people grab any files they want.
PHP won't secure your code for you. Normally, nginx or Apache helps to protect against threats, but a Node.js server running on a port completely bypasses all of that unless you specifically configure nginx or Apache to forward requests to the port your node program is listening on.
I often hear of the term server-side and client-side programming in regards to web development. They say that server-side and client-side are in a way decoupled from each other. From my understanding, server-side programming makes use of PHP, Rails, Node, ASP.NET, etc., as the technologies and client-side programming makes use of HTML, CSS, Javascript, etc.
Here is where I am fundamentally confused.. From what I know, a PHP file can include HTML, CSS, and Javascript... My question is:
If server-side and client-side programming are indeed separate, why does PHP include HTML, CSS and Javascript? If all of these are done in PHP, the server, where does the client come in? In a typical website run on a PHP server, will there be standalone HTML, CSS, and Javascript files that are not PHP files? Will the client-side developer have have edit the HTML, CSS, and Javascript parts of the PHP file, while the server-side developer works on the PHP part of the file?
Your question sure is a good one many people asked sometime in their lives(web developers).
PHP indeed is a server side script, but the .php extension acts like a normal .html file most of the time.
PHP needs to be a partner with JS and HTML to work.
E.g. A login form. First, the client has completed the form and submitted it. JS then comes in power, using ajax to send your login information to the server(It could be the same document xxx.php, but the server only cares about the php script part).
Then, it sends back a result from the server and may insert a snippet of JS into your login form, where JS empowers and redirect the user from their HTML interface to a new website.
As you can see from the above example, clients and server handles a webpage differently disregarding their file extension. Clients cannot download the PHP source code and the PHP server doesn't care about other than php code themselves.
A single web file is like a port, where clients send information to a php page and the server returns a snippet.
Clients and servers may use one single .php page or can refer to different pages, but the server side webpage is always unaltered
If server-side and client-side programming are indeed separate, why does PHP include HTML, CSS and Javascript?
So it can compactly pack small things inside one web page. Clients view the interface, server executes the PHP code. However, it is not necessary to pack everything into one webpage.
Also, the .php extension can be viewed by clients, so that they know they will interact with the server sometime on that page. Also, .php does not necessary need to include PHP code.
If all of these are done in PHP, the server, where does the client come in?
Clients need to use JS to send information to the server for its response.
On a typical webpage running on a PHP, will there be standalone HTML, CSS, and JavaScript files that are not PHP files?
Yes, files that need not to be parsed by the PHP engine can be named and stored as standalone HTML, CSS and JavaScript file.
Will the client-side developer have have edit the HTML, CSS, and Javascript parts of the PHP file, while the server-side developer works on the PHP part of the file?
I will rephrase your question to be "So the client-side browser can change the DOM, while the server works on the PHP part?". There is no "client sided developer. There is just client sided visitors"
Partially right. Clients download a webpage, not using the same file on the server, the webpage can be altered before sending to the clients. Clients don't get to read the PHP source code, the server is done running the PHP code before sending a webpage to the clients, so the two do not run together. When clients send queries to the server, the server executes nothing but PHP. The .php document is unaltered on the server. After the PHP server has responded, usually, they will send back information to the browser viewing that particular webpage and trigger JS code and change the webpage's DOM, which means the look of the webpage is modified. You can interpret it as "HTML, CSS and JS" being altered.
If all of these are done in PHP, the server, where does the client come in?
The WWW works on a server-client basis.
Web browsers ask web servers for resources. Web servers send those resources to the browser. The browser then interprets them.
When you use server side programming, you just generate those resources programatically instead of reading them from files.
So:
the PHP will run on the server and generate some output
the output it sent to the browser
the browser interprets the output
So the output has to be in a form that the browser understands.
In a typical website run on a PHP server, will there be standalone HTML, CSS, and Javascript files that are not PHP files?
Generally speaking, the CSS and JS will be in static files. The HTML contains the data which is likely to be dynamic (and then generated from PHP) so will probably come from PHP files (although they might use separate template files to get the HTML structure).
Will the client-side developer have have edit the HTML, CSS, and Javascript parts of the PHP file, while the server-side developer works on the PHP part of the file?
There are lots of different ways of working. If you get your server side logic sufficiently separated from from your client side code, then that is a viable way of working.
PHP needs to be executed on the server. The PHP usually determines which CSS/JS/HTML to export to the client. Therefore it is in the PHP file.
HTML, CSS and JS actually is executed on client side. The reason it is in your PHP file, is we need some way of delivering the code to the client. It doesn't just magically appear.
CSS and JS doesn't even have to be in the PHP file. You can use HTML inclusions to let the browser fetch it
eg.
<script src="/loc/of/js/file.js"></script> (JS)
<link href="/loc/of/css/file.css" rel="stylesheet"> (CSS)
Whene you use PHP page, means you want to execute some code in your server at the same time you can include some JS code , or CSS styles, but the server will not execute it.
All the PHP code will be exucuted by the Server.
CSS and JS code will be interprets by your browser because they're front-end code.
All PHP does is that it creates html pages which contain css and javascript code as well and sends it to client. Now how php creates a page differs in application. I hope it helps.
I have an application on my server that is called leaf.exe, that haves two arguments needed to run, they are: inputfile and outputfile, that will be like this example:
pnote.exe input.pnt output.txt
They are all on the same directory as my home page file(the executable and the input file). But I need that a JavaScript could run the application like that, then I want to know how could I do this.
I'm using just Apache, I don't have any language for web installed on it. My goal is to do a site using just JavaScript, without the help of anyother language than it, HTML and CSS.
You would need to make an Ajax request to the server - the server would then have a handler that would then invoke the executable with the appropriate parameters.
Without know which web server technology you are using, it's harder to give a more concrete answer (ex: ASP.NET, PHP, Ruby, etc).
EDIT: If you're talking about doing this without any kind of server side resources, then this is impossible, and for good reason. Think of the security exploits!
Any other way to this without using other languages that need to be installed on the server?
No, but you almost certainly already have languages on the server. If it's a Linux, BSD or OSX server you've got shell script; if it's a Windows server you've got JScript and VBScript via Windows Scripting Host (using a cscript.exe hashbang).
JavaScript is for Client Side of a web application, so you won't be able to directly use javaScript to access server side files. As mentioned by Tejs, you should use Ajax to make a call to server side and then use appropriate server side routine to do the task.
Even at client side, most browsers don't allow accessing of any resource( e.g files) by javaScript code.
For server side javascript in Apache you could use Sun ONE Active Server Pages, formerly known as Chili!Soft ASP. For an IIS server, javascript is plainly available as asp-language.
Look into Rhino and node.js. I dont know a lot about this, but thats a route you can use for serverside javascript.