In nodejs with MySQL - node.js

I am Using Nodejs with MySQL.
But problem is that My MYSQL Connection Password Able to see in browser, With this any user get my my SQL username and Password.
Is it possible no one can see my MySQL Connection permanent as its is a server side.
Can any one help me in this.

Do not send you password to client but store it in a variable inside your server-side script. On a request, use it to access database and send only the result of the operation.
If you show your code you might get a more detailed answer then this...

var connection = mysql.createConnection({
host : 'host',
user : 'dbuser',
password : "pword",
database : 'database',
});
connection.connect();
connection.query(etc etc etc)
for full example see mysql module in node.js not works in my case
or another way is to save the configuration and password details in either an env file or other file (or even sqlite db file and load it on startup/restart of your script

Related

Querying my Cloud Sql DB from my Node.js backend

Recently I've been learning google cloud sql it took a little but I was able to connect my cloud sql auth proxy to my postgres client. However I'm not sure how to query or make post request to my cloud sql. Originally I was just doing
const Pool = require("pg").Pool;
const pool = new Pool({
user: "postgres",
password: "****",
host: "localhost",
port: 5432,
database: "somedb"
});
I'm not sure how to convert this over to try and query the cloud sql db. I did try converting it and got.
const Pool = require("pg").Pool;
const pool = new Pool({
user: "postgres",
password: "****",
host: "[cloud sql ip]",
port: 5432,
database: "[pg/gc db]"
});
I end up getting the error [pg_hba.conf rejects connection for host "[ipv4 ip]", user "postgres", database "[pg/gc db]", no encryption]. I know that the documentation has a code sample but I don't understand it and cant really find any resources on explaining it.
Edit: I am uploading files to a bucket in cloud storage which I was successfully able to do. I plan on mapping out all these files onto a webpage. However I would like to filter them by certain features so I am making a second request after I store the file. My second request will store attributes into a database that I can then relate to the files for filtering.
If you're running the auth proxy from your local machine where you're running your application, then the code will be the same from your application's code perspective. You'll still connect to localhost (although you may need to connect to 127.0.0.1 depending on how you have hosts set up on the machine).
The database field will depend on how you've set up the database in Cloud SQL, but it should be the same as your local database. E.g. if you created a database named "somedb" in Cloud SQL, you don't have to change anything to connect to it in Cloud SQL. The proxy running locally will make everything behave as if you're running the database locally from the application's perspective.
Edit: This particular answer wasn't the issue they were having, but in the comments it came up that both the Proxy and SSL-only was being used, which is (generally) less recommended as it doubles up the SSL/TLS usage because the Proxy also uses generated SSL certificates to connect to Cloud SQL so the database-level SSL connectivity is a redundancy that's likely not needed. There are some edge cases where you may want both, but broadly speaking one or the other is recommended.

nodejs mysql not using full config

First of all, I can't find any answers here and Google. I may search the wrong direction and appreciate any help.
Node: 10.24.1/12.22.1/14.17.0/16.3.0 (These are the versions I tried)
Mysql for node: 2.18.1
Knex: 0.95.0/0.95.4/0.95.5 (Versions I tried)
Test environments: two computers (mac & win) in two networks (totally separated)
Background
The code needs to access the mysql database locally. This database has been tested through HeidiSQL(win) and Sequel Ace(mac) on those two computers with the same credentials remotely and successfully.
To avoid interference by other codes, I initiated a new project using npm init. It has one file: app.js and the code is below:
var mysql = require('mysql');
var connection = mysql.createConnection({
host : '123.123.123.123', // Remote database IP
user : 'user_name',
password : 'pass',
database : 'mydb'
});
connection.connect();
connection.query('SELECT 1 + 1 AS solution', function (error, results, fields) {
if (error) throw error;
console.log('The solution is: ', results[0].solution);
});
connection.end();
200.200.200.200 here is an example of the network's real IP
And the error is below:
code: 'ER_ACCESS_DENIED_ERROR',
sqlMessage: "Access denied for user 'user_name'#'200.200.200.200' (using password: YES)",
sqlState: '28000',
fatal: true
I then clone this mini test project to another computer and tested in a different network with example IP 202.202.202.202 and the error is below:
code: 'ER_ACCESS_DENIED_ERROR',
sqlMessage: "Access denied for user 'user_name'#'202.202.202.202' (using password: YES)",
sqlState: '28000',
fatal: true
Apparently the username has been adapted by the mysql library but the host is not. I assume that the password is taken in as well. because of the using password: YES.
I don't think this is related to the database because without using the correct IP, the code hasn't even touched the database server yet.
It looks like it's using localhost but shouldn't it be 192.168.x.x and I don't use localhost anywhere.
I tried a few versions of node and looks like it's not related to node. knex and mysql are freshly installed using npm. Project is as clean as possible. I can't anywhere that has any problems could cause this.
Any help is appreciated.
Check your database username and password. If it's working before then it should work now and I don't think it's related to node of any of your dependancies.
If it's never working, then try to change your password and try again. From your example the config is used by the mysql lib so there's no reason it picks your username and password but explicitly ignores your host.

How to configure apache tomcat server to the oracle database

I have created an application based upon node JS and react JS, here I am using the oracle database for the data with node JS. The issue here is that the application is able to run but it does not able to make any API calls because all the data that needed to be handled is on the oracle database, I think the application does not able to establish a connection to the oracle database server.
I am new to this whole deployment stuff and this my first web based project.
Here is the configuration code for the database connectivity:
module.exports = {
database:{
user : 'user_name',
password : 'pass',
connectString : 'something'
},
jwtSecretKey: "jmvhDlong......."
};
I am using two oracle database server, one for storing the user details and the second to fetch the details:
Code for the user database server:
module.exports = {
database:{
user : 'user_name',
password : 'pass',
connectString : 'something'
},
jwtSecretKey: "jmvhDlong......."
};
Code for the database server from which the details need to be fetched:
module.exports = {
database:{
user : 'user_name',
password : 'pass',
connectString : 'something'
},
};
And don't worry about the user, password and connectstring those are correct.
I need to bypass the apache server configuration so that the application can able to connect to the oracle database and able to make the API calls.
do you want to use appache as a user to login to an oracle-db?
there is a parameter for ms-sql, called integratedSecurity (=true), and you can set a software as a user in db, so you can acces ms-sql with tomcat.
if you want to do something like this, i think this isnt possible, my knowlegde is 2years old, dont know if something changed meanwhile.

How to connect to a postgreSQL database stored on a server and request this database? Node.js

I am working to develop a server with Node.js to request a postgreSQL database. My problem is, that I can't connect (with my local computer, using wifi connection, not ethernet) to this server, and also to the postgreSQL.
I have an username and a password to connect to the server, and also an another username and password to connect the database.
How can to connect both of those, and get the information I want from the postgreSQL database? Can I connect to this server with command bash like ssh but in node.js?
I did something like this:
var ssh = new SSH({
host: 'hostname',
user: 'user',
pass: 'password'
});
or something like this:
var connectionString = 'postgres://user:password#database:port';
I have another problem, my teacher give me a password containing a #, and I think this will make some problems when I have to put my password:
postgres://user:pass**#**word#database:port
How to bypass this password problem?
you need to pass ip address of machine where database resides in place of hostname.

NodeJS encrypted connection string to Postgres

I am learning NodeJS by building a JWT server. Basically I want to authorize users against credentials in a PostgreSQL database. I am considering node-postgres, passport, pg to connect with PostgreSQL but I have not found anyway to store my connection values encrypted. Ideally I would store them in a properties file so I can change them per environment.
Most examples I see do something like:
var pg = require('pg');
var conString = "postgres://YourUserName:YourPassword#localhost:5432/YourDatabase";
Can someone help show me how to encrypt and use my credentials so I don't have to hard code the plain values in my source?
There seem to exist npm packages for this already. See https://www.npmjs.com/package/secure-conf. Seems to fulfill your needs.
Please note, that you should also secure your Connection to the DB using SSL. See SSL for PostgreSQL connection nodejs for a Solution.
This should help.
if you use sequelize to connect postgres
const sequelize = new Sequelize("DB", usrname, password, {
host: "/var/run/postgresql",
dialect: "postgres",
});
NB: get the host string from your pgsl db might be different //

Resources