Understanding how code flows from front-end to back-end? - javascript

I currently understand that in a full overview, a client will interact with the front-end of a website, then the website will process that transaction and perhaps create a file, the the file will go to the backend, backend will do something with the file (perhaps record it in a dbms), and then it will shoot a result back to the front-end.
For example, imagine we had a javascript website where users enter information which we want to record into a MySQL database. How does this process work? Obviously, we want to have an HTML in the website, and it the will "post" to a specific file. But, MySQL databases don't seem to exist as files, like I can't find a ".sql" file anywhere on my computer. Where do I exactly "post" to? And perhaps, once the user's information is recorded, I want the server to reply back with "You are the Nth submitter! Thanks." How do I exactly take information about a table in MySQL and respond with it?
The general high-level explanation of front/back end coding makes sense, but then when I get to actually trying to implement an example, I don't even know where to begin.

You post to an HTTP server (such as Apache HTTPD). The HTTP request includes a URL and the data.
The HTTP server uses something like mod_fcgid to map the URL onto a program (written in the language of your choice) using and passes along the request.
That program connects to the local database server and uses MySQL's custom protocols to send the query.
The local database server then stores the result in a file (which isn't a .sql file).

Related

How would I transfer data from a Node.JS web app to a JavaScript client on another website/server?

I have a Node.JS backend running on Heroku which pulls data from a Google sheet. This app will run once a day to pull updated data from the Google Sheet.
I also have a client written in HTML, CSS & JS which will need to draw that data from the backend.
The problem is, the client runs on a different server than than the Node.JS backend. This means I have to have the Node.JS backend update some form of database, then have the client download that data.
Some important information:
I don't have access to the client server, but of course I can access the backend.
I only need to transfer a very small amount of data (only 4 pieces of data).
I am doing this as a volunteer project, and therefore anything suggested needs to be free.
These are the options I have considered:
Option 1: Use Heroku Postgres
This is the option I initially wanted to use. However, I learnt that the credentials to access the database change every so often, so that means the final product may not be completely hands-free.
Option 2: Find an external SQL database host
This is the more likely option of the two. However, I've found that many free database host are insecure and difficult to use. I had a look at 000webhost, but I quickly learnt the database was hosted on localhost - this meant it couldn't be accessed by my client.
Which of these options, if any, are the best? What other methods can I use to accomplish this? Could someone please give me some recommendations on services which I could use?

Safe Javascript/Sql connection

im trying to create a simple website with HTML/CSS and Javascript. Basically the user should be able to input a number into a textfield and "send it" with a button. When the button got pressed i want to run a Javascript function that searches the number in a sql database.
Creating all that stuff shouldnt be a big problem for me, but i have no clue how to create a safe connection between JS and SQL. I have read that a direct connection with javascript is very insecure.
Some people recommend to use java or c# to built an sql connection. How would that work? Basically just an Javascript code, that runs an java/c# application(which builds an sql connection) and returns the needed sql data?
Also heard that its possible to create a sql connection with node.js, is this safe? Or is another method more suitable?
Greetings
I have read that a direct connection with javascript is very insecure
The danger is in giving direct access to your database to the client. JavaScript is most commonly run client-side in web browsers, so for it to access the database you would have to give the browser (and thus the visitor) a username and password on your database server and let them run raw SQL.
There are many possible security risks with this and it just isn't worth it.
(Aside: You can't make arbitrary socket connections with browser-side JavaScript, so it's impossible to connect to most database servers from it anyway).
If you want to expose data to JavaScript running in the web browser, then the standard approach is to write a webservice.
You can write the webservice in any programming language you like (including JavaScript). It listens for HTTP requests, reads data out of them, possibly performs authn/authz, the queries the database (applying the well-documented defences against SQL Injection attacks) and returns the result (often formatted as JSON).
The client-side JavaScript, therefore, just has to make an HTTP request (e.g. with XMLHttpRequest or fetch) with parameters passed in the query string or request body, and process the data it gets back from it.
Connecting to a database using client side javascript is very insecure as the javascript will need to know the login details. And since the client side javascript is on the client side, any user will be able to see the login details in plain text.
The best way to do this is to make a webservice on a server. When the button is clicked it will make a GET/POST request to the webservice with the entered number as a parameter. The webservice, which can be made using any language pretty much, will create the connection with the database and insert the row itself.
Although I would advise going the webservice route since it will be much easier to make secure. Playing with javascript to database is extremely dangerous unless you have a really good system and understand exactly what you are doing; but if you really want to do it and have an application that requires it, then can use PouchDB connected with CouchDB.
PouchDB is run locally and can sync with CouchDB over HTTP.
https://pouchdb.com/
https://couchdb.apache.org/
There is an answer here discussing basic security with pouchDb synchronizing with couchDb. Basically, each person needs separate login credentials and credentials should never be stored in the page code.
PouchDB security
There are some neat uses for pouchDB: https://pouchdb.com/users.html

javascript - how to accomplish getting variable (data) from client side to a database online server?

so on client side running in the browser I have a javascript code that has a variable (namely a url that is 1500 characters long), and which I need to insert it into a online database that lives on the webserver where I have hosted my website. I have these two technologies on my website, mysql DB and PHP.
Please kindly would someone recommend the best way to do this?
showing examples, specifically, how to send this data over to the remote server and how to process return data it may send back to me??
what i was thinking if there's a way to send over this variable string that is 1500 characters long, over to a PHP file living on my website which this PHP file will be able to insert the data into the DB, and then some time afterwards my same script running on the client browser will check and pull data from the remote DB back to itself...... I've tried to follow along some example searches googling but none of them are making sense to me, sorry I am visual learner , and would greatly appreciate any help you may provide me with this task .....
The solution already discussed here is the proper one. You need an API (also called a service).
I don't know who downvoted it but its the right one.
And you need it for several reasons.
Performance issues. Your solution "writting to a file" will be slow. And even "writting to a file" will require a service on top.
Security reasons. To allow in any other kind of way for a user to write in your server directly (FTP or other methods) is a big security risk and your server might end up being attacked.
Scalability and mantainance.
I would recommend reading more at
https://code.tutsplus.com/tutorials/a-beginners-guide-to-http-and-rest--net-16340
And if you are a bigginer an want to start something fast loopback is an amazing option, but you need NodeJS in your server.
In broad terms what you need to do is set up a API on the PHP side of things. Basically you want a structure where your javascript can send the request, and then, using promises, wait till it gets a response to get the data. That way your PHP server can take however long it needs to put the data in the database and process it properly.
Here's a tutorial on how to make a restful api in php

How to secure an API used only from front-end (Ajax call)

Well, I created an API to manage for our websites some attachments uploads and store into Amazon S3 buckets
The scenario : Once visitor / user in the form and wants to submit it with attachment, once the file is selected then button clicked an Ajax request fire to the micro service API so it can store the file into S3 do some processing then return the direct link or identifier.
The question is : how can we authenticate the user using for example a short live token or something like that without being hijacked, mis-usage of the token..
In Javascript everything is visible to the visitor, and we try to not integrate any heavy process in the backend
If I got your question straight, you have a web interface in which files are uploaded to an S3 bucket and you need to make sure that in a certain back end API (such as REST) all file upload commands will have authentication and authorization.
The answer is highly dependent on your architecture but generally speaking, all Javascript calls are nothing but HTTP calls. So you need HTTP authentication/authorization. In general, the most straightforward method for REST over HTTP is the basic authentication, in which the client sends a credential in every single request. This may sound odd at first but it is quite standard since HTTP is supposed to be stateless.
So the short answer, at least for the scenario I just described, would be to ask the user to provide the credentials that Javascript will keep in the client side, then send basic authentication which the REST interface can understand. The server-side processes will then get such information and decide whether a certain file can be written in a certain S3 bucket.

Where to put my php file?

I am trying to make a sign up activity on android and I am using a mysql database to store the data. On all the examples I have seen the http post goes to a ip address and then finds the php file. Can I just put the php file somewhere in the android app folder and access it from there, or do I have to find a host for it?
The php code, specially for tasks such as sign up, should never be placed on the client side or embedded with the front end application, but instead be placed on the server side hidden from the user for the sake of safety of your database/application. If you are only considering to put your php with your Android app together for the case you need to test it, and eventually doesn't have access to a server, you may then consider using Google App Engine, as it allows you to emulate a server locally without the need of a server. Here you find some info about Amazon's RDS.
You can put you php in the same directory you place your index.html file, i.e. in the root public directory of your domain. To load it to the Amazon, you can use the cPanel or the Filezilla or any other panel you wish among the options Amazon put available for their users.
In the case Amazon doesn't provide a place to put your php, as a suggestion, you can get a host that allows you to have a static ip accessing it thorough an easy to remember url address - for free. It is quite useful specially for making tests. Still if you decide at some point to have a personalized domain name registered, there are also some other good options to compare.
You dont need jQuery, when doing the POST request,PHP connects to the database get the data and return it to your app.
So to answer your question you should put the PHP in the same server where mysql runs.

Categories