1
00:00:02,130 --> 00:00:05,780
Now before we're going to explore what exactly we're going

2
00:00:05,780 --> 00:00:08,100
to build in this core section,

3
00:00:08,100 --> 00:00:11,910
and before we are going to start planning how we build it,

4
00:00:11,910 --> 00:00:14,420
let me answer one important question.

5
00:00:14,420 --> 00:00:19,100
Why exactly is this section about connecting to a database,

6
00:00:19,100 --> 00:00:22,820
from inside our backend website code?

7
00:00:22,820 --> 00:00:24,270
Why not from the front end?

8
00:00:24,270 --> 00:00:27,183
Why not via JavaScript in the browser?

9
00:00:28,280 --> 00:00:29,810
Well, there is a rule,

10
00:00:29,810 --> 00:00:32,910
and I will explain why we have that rule in a second,

11
00:00:32,910 --> 00:00:37,390
but the rule is that you should not, not, connect to

12
00:00:37,390 --> 00:00:40,860
a database from inside your frontend JavaScript code.

13
00:00:40,860 --> 00:00:43,470
So not from inside the code that runs

14
00:00:43,470 --> 00:00:45,330
in the browser in the end.

15
00:00:45,330 --> 00:00:47,060
Now, why is that the case?

16
00:00:47,060 --> 00:00:50,330
The reason for that is that, since it runs in the browser,

17
00:00:50,330 --> 00:00:54,540
so in the end on the computers of your website visitors,

18
00:00:54,540 --> 00:00:59,540
that code, any JavaScript code that runs in the browser

19
00:01:00,040 --> 00:01:04,110
is in the end, exposed to your website visitors.

20
00:01:04,110 --> 00:01:07,470
Of course the average visitor will not see it.

21
00:01:07,470 --> 00:01:09,600
The average visitor will just see

22
00:01:09,600 --> 00:01:12,720
the result of that code being executed,

23
00:01:12,720 --> 00:01:16,760
but if you're a bit more experienced, like you already are,

24
00:01:16,760 --> 00:01:20,260
you could open the developer tools and in there,

25
00:01:20,260 --> 00:01:22,730
if you click through the different tabs and so on,

26
00:01:22,730 --> 00:01:26,780
you can also view the client side, so the browser side,

27
00:01:26,780 --> 00:01:28,310
the JavaScript code,

28
00:01:28,310 --> 00:01:30,940
that was loaded for a given website,

29
00:01:30,940 --> 00:01:34,135
and that is executed for that website.

30
00:01:34,135 --> 00:01:38,860
So any JavaScript code that's running in the browser

31
00:01:38,860 --> 00:01:43,290
can be viewed by the visitors of your website.

32
00:01:43,290 --> 00:01:46,680
And even more than that, it cannot just be viewed,

33
00:01:46,680 --> 00:01:51,530
visitors could also edit the code that runs in the browser.

34
00:01:51,530 --> 00:01:55,010
This feature exists for debugging reasons,

35
00:01:55,010 --> 00:01:57,560
so that if you are working on your own website,

36
00:01:57,560 --> 00:01:59,500
if you are developing a website,

37
00:01:59,500 --> 00:02:01,930
you could change the code in the browser

38
00:02:01,930 --> 00:02:04,370
to temporarily test a change,

39
00:02:04,370 --> 00:02:07,673
but that is something visitors can do themselves as well.

40
00:02:08,570 --> 00:02:10,680
Now, normally that is no problem,

41
00:02:10,680 --> 00:02:14,960
because if visitors edited the code that runs on the website

42
00:02:14,960 --> 00:02:18,720
that was loaded for them, they can only hack themselves,

43
00:02:18,720 --> 00:02:22,720
they can't do any harm to you or to other visitors.

44
00:02:22,720 --> 00:02:26,010
But this changes if you start connecting to a database,

45
00:02:26,010 --> 00:02:28,720
from inside your client-side code,

46
00:02:28,720 --> 00:02:32,390
because then since that code is exposed and editable,

47
00:02:32,390 --> 00:02:35,340
the visitors of your website could, for example,

48
00:02:35,340 --> 00:02:38,180
look up your database credentials.

49
00:02:38,180 --> 00:02:41,710
So the username and password, with which you're connecting

50
00:02:41,710 --> 00:02:44,650
to the database, and they could also manipulate

51
00:02:44,650 --> 00:02:46,830
the queries that are executed,

52
00:02:46,830 --> 00:02:49,470
they could start deleting your tables,

53
00:02:49,470 --> 00:02:52,760
or the data in your tables, when they actually shouldn't

54
00:02:52,760 --> 00:02:54,820
be allowed to do so.

55
00:02:54,820 --> 00:02:58,670
That's why you don't want to have any code that interacts

56
00:02:58,670 --> 00:03:03,600
with your database in the client-side JavaScript code.

57
00:03:03,600 --> 00:03:07,760
That's why we instead always do that on the backend.

58
00:03:07,760 --> 00:03:12,140
So in our server-side JavaScript code with Node.js,

59
00:03:12,140 --> 00:03:16,650
because that code runs on our servers that belong to us,

60
00:03:16,650 --> 00:03:20,830
the developer, and this code that runs on the server side,

61
00:03:20,830 --> 00:03:24,930
can't be viewed by the visitors of our website.

62
00:03:24,930 --> 00:03:26,943
That's really, really important.

