0

I have an Electron app scaffolded using ERB (electron-react-boilerplate) which needs to read and write data from/to a Sqlite database. I am using BetterSqlite3 for the database and React for the renderer.

From what I can tell looking at the Electron documentation it seems that the actual db integration (CRUD functions) takes place on Electron's side (i.e. in main).

Is it possible/advisable to have the database logic on the renderer (React) side? If not, do you make use of IPC to send and receive the db data between Electron and React? Are there any downsides to doing this (performance, security, etc.) vs having db logic in React?

Thanx in advance for your time and assistance.

Improve this question

2 Answers 2

Reset to default
1

The renderer process should be dumb, ie it should only exist for the purposes of presentation. Old versions of Electron allowed/promoted nodeIntegration of true in BrowserWindows, other versions allowed the use of remote in order to pull modules that were needed on the UI.

This is not secure.

There are a number of security vulnerabilities that allowing the renderer process access to modules such as a DB or OS-level control (ie. file system) which is likely why the Electron team implemented controls such as contextIsolation, sandbox on the BrowserWindow.webPreferences property (or - just to align it with Chromium). The best practice is to only allow the main process to access the DB, and communicate however is necessary to the renderer process via IPC.

I've written a post on the history of Electron and how things have changed, and what we should be doing now. I'm also a maintainer of a secure Electron template for near two years (as of this writing).

Improve this answer
0

I dont know why you want to use database logic in the renderer side while Separating the database logic into the main process promotes a cleaner architecture by separating the concerns. It makes the application easier to maintain and scale, especially for larger applications or those that might evolve to use different databases or add more complex operations.

Improve this answer
1
  • As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center.
    – Community Bot
    Commented Mar 28 at 10:05

Not the answer you're looking for? Browse other questions tagged or ask your own question.