JavaScript and Language C accessing the same database

Question

JavaScript and Language C accessing the same database

Navigation

#1 by (4 votes)
#2 by (1 votes)

0

I'm using a Facebook APP (and JavaScript SDK) to use the login on a website, plus I should store some basic information about the user. By requirement of the teacher, this site was all built "using language C" (Mongoose).

The problem is: I can get the user data with JavaScript without any difficulty, but the database that will store this is in the C (SQLite3) application.

Would it be feasible to have the application's JavaScript part access the same database to write user data, or is there any way to get this data and use it in existing C functions?

javascript c sqlite

asked by anonymous 14.10.2015 / 15:29

2 answers

Loop to calculate the maximum value Buttons made with images

score 4 · Answer 1

You can access SQLite directly from JS. But honestly I would not do that. No one does, so we do not know how reliable they are. You have too much risk and less gain.

Depending on how this application will work it is reckless to do direct access to the database. I will consider that either it will run everything on the server or everything on the client and it will not have sensitive data on it. If there is interaction between client and server (where the database would be), then direct access would be reckless.

Since there will be parts in JS and parts in C, use what each one can offer the best.

As there are no details of the application I can not say much as each part will communicate, but surely this is possible in some way.

score 1 · Answer 2

In general, it is not a good idea to allow the client to access the database directly, since a malicious client can send any message to the server. For example, a client could send an SQL command to delete a table from its database or do some other malware.

The right way to approach this problem is to hold the server accountable for the database. If the client needs to make a change in the database, it makes an HTTP request to the server (possibly via AJAX) and the server sends an appropriate SQL command to the database.

And be sure to verify that the user request is valid! That is, if the user is logged in, you have permissions to do what you want, etc. You should never blindly trust a data or message from the user.