On Dec 29, 2013, at 02:44, Raf Roger <[email protected]> wrote: > someone told me that node.js works on server-side and can replace PHP for > example.
Yes, nodejs is a JavaScript runtime environment designed for I/O-intensive applications, and is ideally suited to writing networked applications; a web server is one such program that one could create with nodejs. Yes, one could use nodejs in place of PHP and Apache to develop the server-side component of a web site. Perhaps one might add a database engine like MySQL or MongoDB to the mix. Or, just as nodejs becomes the web server and removes the need to run a separate web server like Apache, so too could you find npm modules that perform database-serving functions and make your nodejs app itself handle the database and remove the need for running a separate database server. Nodejs gives you many choices, so that you can write the app that does exactly what you want. Figuring out exactly what you want can be difficult, with so many choices available. So, just try something and get it working; you can change it later if you need to. > i learned that javascript is not secured enough to be used on server side to > retrieve,save and update data in database. So what makes node.js so different > ? > is it really safe to use it on server-side for database actions ? JavaScript is a programming language. Most programming languages are not “secure” or “insecure”; it’s the ways in which you use them that are. Using *client-side* code (for example JavaScript) to perform database queries on a server would indeed in my opinion be insecure and I would recommend against it. Such capability might imply that your database server is accepting queries openly from anyone on the Internet, which would seem to be a security vulnerability and preclude any access control mechanism. On the other hand, accessing a database from within your server-side code, be it written in JavaScript or PHP or any other language, would be as secure as you make it. For example, you would want to validate any user input, and only provide ways of accessing the specific subsets of the database that you want people to access. And your database server could be configured to only accept connections from your web server, so that the only queries that can be performed are the ones you’ve deliberately programmed your web app to do. > i want to create a web portal with payment gateway and i would like to be > sure that if i have 10000 concurrent users there is no risk for them and > personal data. Okay, go for it. However, if you’re new to nodejs, a smaller project would probably be a better way to learn. Try making a simple single-page web app with express and jade. Then set up a database (whichever one you like) and make the page display the most recent record from the database (find an npm module that talks to the database server you’re using). Then add form where you can submit a new database record, and make sure the page then displays that record. If you’re coming from PHP, there will be many differences, many of which working through how to write a simple app like this should teach you. Then you can consider tackling a larger project. -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
