I know that for connecting to the database from JavaScript I need to mention the database credentials in plain JavaScript code. Therefore for a online application that would be a huge security risk. But in my case I want to write a small JavaScript application which is stored locally. So the credentials won't be shown to the world but just to the user I give the application, which is acceptable for me.
The motivation behind this is that I want to connect to an online database without a running PHP server, just from a JavaScript embedded in the local page. My goal is to provide an application that can be run by the user without the need for PHP and a server, except the database server. It's similar to a desktop application but running in the browser.
How can I connect from JavaScript to an online MySQL database? All other similar questions I found on Stack Overflow advices the thread starter against this usage for good reason but hadn't answered the question.
I heard that connecting to MySQL from JavaScript would be impossible. But how do, say, Windows 8 Metro Apps written in JavaScript handle that issue?
A backend repeater is always needed. For this issue you can set up a light-weight server that forwards your database accessing request to mysql server using, say node.js.
If you are focussing on a specific web browser, maybe you'll find a workaround. But if you're thinking on a local application independent from the user agent, you should follow the standards to reach a predictable behavior (or at least the best approach). In the W3C standards you have two options for storage:
Web Storage API: you're limited to key-value storage, but is very well supported.
Indexed Database API. I've no experience with it, but it's supported.
If you're not to limit the user context to a restricted machine and user agent, you can start with standard storage solutions as mentioned above and then enhance your app for more advanced browsers (perhaps even with MySQL!), as recommended in Progressive Enhancement
Related
I have a Oracle database server hosting data, and I want to build a small app on my local network for people to do light data entry.
Normally we can't query a database from the browser because the browser is client-side and the database is on the server.
But what if the server and website are both hosted on the local network? Would it then be possible? The problem is I don't have a server I'm just making a small website as a file on a shared drive.
But what if the server and website are both hosted on the local network?
This does not change almost anything, maybe it makes things a bit easier when it comes to application security.
Normally we can't query a database from the browser because the browser is client-side and the database is on the server.
That's not true. You can query a database from a browser/client-side. The problem behind such a solution is security of course, because in this case the client would have to know the database credentials, which is why such operations are performed on the server side, but it does not mean that querying database from client-side is not possible.
The conclusion is that if you know the database credentials anyway, it is possible to write a simple application (which will query database from client-side) for yourself. For this you can use OracleDB module.
---EDIT---
I will only emphasize once again that you should not make such an application available anywhere outside for security reasons (availability of database credentials).
However, you can use JavaScript fullstack frameworks like nextjs or sveltekit - they are able to perform some server-side operations and then pass this data to the client. This approach would be much safer.
I'd use Oracle Application Express.
It is installed in Oracle database; lets you develop applications rather quickly (if you know some SQL; even if you don't - use wizards). The only "tool" you need is a web browser. Your users would also need it (the browser), accessing your application via local network and enjoy beautiful application you'll create.
I understand this is not best practice but I am operating within a limited realm and, as far as I can tell, this is the only solution to this problem.
I am trying to connect to an MS-SQL database both to get data and to put data onto the database. I cannot seem to do it through JavaScript.
ActiveXObject is, from my understanding, now depreciated so that is not working, which eliminates every functional solution that I could find recommended in the past.
Please note: I am not a web developer and I have no access to any of the standard web development tools for this task.
This is the question has been asked multiple times in various forums - Can my client-side Javascript (running in a browser) connect to a database server and fetch data?
The short answer is - not recommended in general, not feasible without breaching security and without using outdated technologies. Let us dig into it.
It is possible to connect to remote database from a browser using outdated technologies
There are two pieces of technologies from Java and .Net worlds - Applet and ActiveX that run on the browser and can communicate to a remote database. The Java Applet is hardly used by anyone nowadays and browsers are stopping to support it. ActiveX is discontinued by Microsoft in their newer browser Edge. So, you have to enforce your target users to use old insecure browsers if you want to go with these options.
Do not use this.
Use databases embedded in the browser and sync with a remote database
You may use the database locally available in the browser and perform all read/write operations. Periodically sync this database with a remote one. Here are the options:
MongoDB and use change stream to sync with a remote MongoDB
PouchDB and sync with a remote CouchDB or even a MySQL database
Use this only for offline storage temporarily in the browser.
The traditional and secure approach to connect to a remote Database
Use a server-side technology to develop an app that your client-side code (Javascript, HTML) talks to. The app may provide RESTful APIs to interact from the client-side. Then the app that is running in a web server connects and interacts with the database. There are plenty of server-side technologies such as Java, PHP, Python, NodeJS (Javascript based), .Net, etc. to develop your server-side app.
Go with this option.
Well javascript is a client side scripting where as your database runs on a server. So firstly you cannot connect to a database for executing any query from client side i.e javascript and also you need to setup a server side service which can connect to the database and execute the query and give you the result at the client side. You can refer any client-server architecture for this on the web.
I'm working on a project in which we need to authenticate the user in an application by using his/hers windows credentials. Frontend is using Angularjs and backend java.
After doing a sensible amount of research, I discovered that there is no way on the the frontend to obtain directly the Windows user & pass due to security concerns.
But I'm thinking that the whole process should start here, from the frontend, by obtaining these two encrypted credentials or at least a token and sending them to the backend in order to kickstart the ntlm authentication process.
And also, not sure if the user should have to log in the app by typing his windows credentials or if it should automatically be done with ntlm passthrough.
I do not have a good grip on the concept, and that is because most of the related sources that I found are referring to backend solutions (C# 80% of them), but almost nothing for fronted. So, I humbly require some clarifications on this topic. Is there some sort of middleware or npm package that I should use in order to obtain the user & pass, or what would you advise?
Web servers expose certain server variables to code handling requests they serve.
For me, using IIS, these are described here: https://learn.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms524602%28v%3dvs.90%29
Since I am using IISNode; my node.js environment is completely embedded into IIS; I have access to these server variables. As the link described, each programming language seems to have their own way to access these variables.
So I would doubt it if Java does not have those as well. The exact code to use will depend on you back end.
But a quick search for "java server variables" already yields me the following:
https://docs.oracle.com/cd/E19534-01/820-3288/gawim/index.html for the java access manager.
http://users.polytech.unice.fr/~buffa/cours/internet/POLYS/servlets/Servlet-Tutorial-CGI-Variables.html for old school JSP.
How can I obtain server variables using apache wicket 1.54? for java wicket server.
So have a look at the documentation of your specific web server software or Java API.
There should be a list and example code of how to access these.
Once you obtain this data server side, you can do the LDAP query and then return the results client side.
I'm developing a Chrome extension and I'm looking for a way to get client JavaScript, without any back-end layer on my side. Is it possible?
Maybe it's possible to make an AJAX request to the Google Cloud with a SQL query as a parameter? I'm using Google OAuth.
Thanks!
As Cloud SQL uses the MySQL wire protocol and there is no javascript support for this (or even for the underlying socket requirements) it is not possible to directly connect Javascript to Cloud SQL.
You probably shouldn't do this even if you could, as its very difficult to make a system like that secure. As you would have to embed the username/password for the database in your extension, you cannot enforce any separation of data between your users.
A backend is usually needed to enforce ACLs, and also makes future development (an app, website, desktop app, API etc) much easier. This backend does not have to be a complex beast - Firebase provides a good backend out of the box with no coding required (although it isn't backed by MySQL).
I do not have the privileged nor the permission to ask for a server in my workplace thus I was thinking of developing a local web application on my computer and utilizing a common space folder to let everyone access my web based tool.
How can I use a client to entirely develop a web application, query database, and do all the things that you'd generally do using a server?
I don't think you can accomplish what you're talking about through a browser app alone. Modern browsers have local database storage, but without a server you simply can't have central data that everyone can access.
Why not set up a local server on your own machine? Node.js servers are very easy to set up and perfect for simple use cases. Your coworkers could access the app via your IP address anytime it is running and your computer is on the network.
For more specific information please ask a more targeted question; this question is too open-ended to have a clear answer.