All server-side code is invisible to the user. All client-side code is visible. If you publish to https, traffic is safe.
– Aug 08 '22 at 11:34
So... every API route runs on the server side? And if I run my app with SSR, all my code is gonna be invisible to the user?
– gabrielforster Aug 08 '22 at 11:46
2
Whichever type of populating your pages with data you use, it either a) happens directly on the server or b) happens via fetch(some_api_route) which again means your backend accesses the DB then forwards the loaded data to the client-side. Visible to the user is only a) rendered HTML b) client-side JavaScript
– Aug 08 '22 at 11:50
2
Even though users won't see your API routes' code, you should still use environment variables for database credentials.
– Apak Aug 08 '22 at 11:57