looking for some advice on a couple of topics.
Im currently starting writing my first IOS application and have some questions.I wish to access some data from a mysql DB - this will hold hold a user table with logins and passwords, etc,...
Can i access the DB directly from IOS and perform my sql queries from within?
What is the standard way of encrypting a cached password for an application?
Is it best practice to perform all the queries from with the app or rely on a web server to proceess these and return the results?
Many thanks, apologies if a little vague but appreciate any constructive feedback guys.
thanks.
Steve
Yes you can access db directly but this isn't ideal. Would be a better idea creating a rest api. Slim framework. Example below:
<?php
$app = new \Slim\Slim();
$app->get('/hello/:name', function ($name) {
echo "Hello, $name";
});
$app->run();
http://www.slimframework.com/
Would do the processing on the server and then just return a json object or xml you can then do what you want with the data.
Encrypting password you could store in keychain only your app will have access.
Can i access the DB directly from IOS and perform my sql queries from within?
reply : this is good pactice .
What is the standard way of encrypting a cached password for an application?
reply: you can use many encrypting , has md5 ,etc
Is it best practice to perform all the queries from with the app or rely on a web server to proceess these and return the results?
reply: yes you can use any webservice , json or xml it best for ios dev with webservice
You can access a database directly from the iOS using the MySQL C API. I haven't got this to work yet, but you can read more about it here: http://zetcode.com/db/mysqlc/
and
http://dev.mysql.com/doc/refman/5.0/en/c-api-function-overview.html
If you don't get it to work then you can indirectly connect to to MySQL via a PHP server. There are lots of these kind of tutorials out there.
Otherwise you could use SQLite that is bult in. But that's almost a different thing.
Related
My question is a simple enough one but I can't quite seem to find a good tutorial on it. Maybe I am not being specific enough with what I am asking but I can't really type an explanation into google and expect an answer.
So here is my question;
I currently have a website up and running on a hosting site and this hosting site allows me to have a database up on their server as well.
So my question is how do I read data from this database that I have setup using phpAdmin? Also, it is a mySQL database.
The website will be acting like a review site built I just want to use it to learn web development as well. So What I am trying to do it read articles that I will be saving in the database so I can display them on my website.
Any help or advice in regard to this is much appreciated.
Thanks in advance,
Cylon.
you cant read directly from a Database using AngularJS or any Client-side framework , you need a back-end / server-side language such as PHP ,C# ,Java..
to connect to your MySql ,MSSql... ,
so in your case your need to create PHP script which will connect to the Database and provide an interface you can access with (GET , POST methods ) using AngularJS ($http.post("url"...)
for a best practice (if you want) the Data should be in JSON format.
We are very struggled about getting and posting table data for Navistion Database.We need getting data for Navistion DB to our local(sqlLit) DataBase and posting data SqlLit Db to Navistion DB.In PHoneGap
We are goggled.But no luck.So Please give any documentation and link .Please help me.
PhoneGap/Cordova can work with other databases when you use middleware on your server to respond to it. So for example, your server (with the Navistion DB) could use PHP or ColdFusion to respond to Ajax requests from your app. It would handle taking the request, querying the db, and converting the response to JSON. There is no documentation link for this as it is too abstract of a question really.
Agree with Raymond - the question is too general to give any kind of recommendation. Maybe if you could elaborate it a bit - at least outline the task you need to solve, it would be easier to suggest something.
Anyway, I presume, you don't want to insert data into the Navision DB directly, but need an interface to Nav functionality. My first idea would be to look at Web services. Some documentation is available on msdn: Web services in Nav. You can expose Nav objects (Codeunits, Pages and Queries) through a web service and call it from PhoneGap.
I'm searching for a way to connect an app with a database, created in Sequel Pro which is connected with a mySQL Server (started over MAMP).
I've already searched for some solutions but there are hundreds of different posts, some said that SQLite will be the only possibility, some others said that CoreData will be perfect.
Now I found a framework called 'MCPKit', but this framework isn't really up-to-date and it looks like Apple itself also recommends CoreData for Data Management. (https://developer.apple.com/technologies/ios/data-management.html)
I'm not familiar with CoreData and I'll be very happy if someone knows an other way to build up the connection.
I try to be as specific as possible but if you already have some questions, please ask.
Connecting to a mysql database IS possible. I did it via php which returned an xml file which my app parsed and stored.
This link also covers this topic as well.
How to connect to a MySQL database from an iPhone?
Core Data is a technology for persisting objects in iOS and is often used as a local database. In fact, the NSPersistentStore is almost always implemented as a SQLite database in iOS. However, if you are looking to make network calls to get data from the database on your server, Core Data does not do that.
The short answer is that you need to build a web service on your server that allows you to access the data. A good way (though certainly not the only way) to handle the communications between your service and mobile device is with sockets. Here is a tutorial that can get you a good start.
CoreData actually uses SQLite...
You can access your database with an NSURLRequest, then creating a NSData with the request.
Depending on the format which your Server gives you back (i.e. JSON) you can transform the NSData into a Dictionary. This would look like this with JSON:
NSDictionary *contentDictionary = [NSJSONSerialization JSONObjectWithData:contentServerResponse options:NSJSONReadingMutableContainers error:nil];
then you can access the Dictionary usual Key-Value-Access and assign the content to your ViewController.
If you are using MAMP try writing php script files to access the mySQL db and echo it as JSON text using json_encode function in PHP. You have many parsers to parse JSON in iOS.
I just realized that there is no best way to hide MySQL string connection password in my executable file, especially in JAR file. Even encrypting it in EXE would only slow down the process (although I'm not sure how much time would it take to get an encrypted password from an EXE file).
So, from my understanding, I need something in the middle that would do the add, edit, delete etc to the database. Seems like a job for REST API or maybe SOAP services.
My question is, which one should I use? Or should I use something else? I was thinking Zend Framework to create those REST APIs. Then, I would use Qt to create a desktop application to call those APIs. But if I proceed with REST, my application would be a 3 tier application. Wouldn't it be better if I just create a web application? Maybe I should just stick to desktop application call those APIs since the application is already finished and I just need to change from connecting directly to MySQL to calling those APIs to perform tasks rather than changing the whole application to a web.
Any advice would be very helpful. Thanks in advance.
UPDATE:
I'm looking for a security that would protect my MySQL password connection.
Obfuscator would only obfuscate the code, it won't hide my string database information which In my opinion can be easily found using grep after decompiling the JAR using tools like JAD.
About my application:
Using a centralized MySQL database
Thousands of user
Contains sensitive information
My client uses Linux and Windows
My server uses Linux
All access are done in LAN, no outside connection (from Internet etc)
My current solutions (comments please):
Using REST APIs (safer since MySQL password is in the server)
Using Qt with encryption to the password
It depends on what kind of security are you looking for. Is this to protect the application from the user? To protect the user's data from other users? To protect multiple users' data from one another? To protect the user's data from an attacker?
In a lot of applications there's nothing wrong with storing the database login credentials in plain text. In other cases, you might try:
encrypting a user-chosen database password using a reasonably strong algorithm, e.g. Blowfish, using a hard-coded key;
having the user provide the password and "log in" to the program each time;
storing the database password in plain-text, but encrypt the data using a hard-coded key;
same as the above, but encrypt each user's data using their own provided password;
same as 2 but store each user's data in their own database with their login info as the database credentials;
storing the data on a secure remote database that users have to log into to access via a SOAP API;
using the native filesystem permissions to protect the configuration file holding the login credentials;
same as #1 but rolling your own really elaborate key-generation system: e.g. run the machine SID or a hardware id through MD5 using a randomly-generated salt, and then using the result to encrypt the login credentials.
Remember, there's no such thing as perfect security, so whatever you settle on doesn't need to be unbreakable. It just needs to be tough enough to break to make the hassle of circumventing the security mechanism exceed the value of the data. So, for example, if the data is a list of the top scores in Minesweeper, then ROT13 would probably be enough.
Edit:
I just want to add that, even if you can't get around having to hard-code an encryption key in your application, there are obfuscators for Java, .NET, and most other popular languages/frameworks. One of the key uses of these tools is to hide sensitive hard-coded strings like encryption keys.
Edit 2:
Given the additional details about the app in question, only 1, 6 and 8 would apply in this case. And a SOAP API is more appropriate for #6 as George rightly pointed out.
I also want to mention that there are Java resource obfuscators that encrypt string literals. This is just one example.
It pretty much depends in what environment your app runs
a) db and client local
b) db and client in a local network
c) db is in the internet
my two cents:
a) I would create a single db user and wouldn't use a password but restrict acces to localhost
b) direct connect to the database is fine but I would each user have to login with his own password and grant only the permissions he needs.
c) It's a bad idea to allow mysql connections to a public server. In this case webservices would be a good solution.
Anyway if your case is b or c I would stick with a login dialog for the user.
Maybe you should have a look at this http://www.greensql.net/ tool.
It is like a firewall but for mysql/postresql
So you can deny anything and only allow queries you want to.
If you are using Java for implementing your database desktop application, I would recommend to use Java DB as the database. There is a few ways of securing it, and there are alternatives to having a password in the connection string. I would recommend to read Java DB Security - Security Features in Java DB Release 10.4
It is easy to deploy your application with Java DB, since you can have much of it embedded in the same jar file. I have used it in a Point of Sale application implemented in Java.
at an application I'm working on users can forward their email-accounts to an address from our system (something like email#userid.amazingstuff.com ). It doesn't matter here why they should do this, but I need some professional advice on the best way to approach this.
The basic idea is that our mailserver receives the incoming (forwarded) mails and a mailpoller (which runs in a loop) downloads the mails from the mailserver, processes them (get the text, assigns them to an account, etc.) and saves them via an "IncomingMail" ActiveRecord Model.
But I'm not sure how the poller should connect the server? Via Imap / Pop? Or should I store the mails on the mailserver with MySQL and connect to the DB directly? Or is this a bad idea?
I need a fast, reliable and scaleable system.
Thanks for your advice!
Update
I think a DB like MySQL is always faster than parsing a file system. It should also be easily scaleable. I'm no thinking about using DBMail (http://www.dbmail.org/). Has anyone any experience using this solution? Or any further hints / comments?
Thanks!
Pop should work, check out some example code here:
http://www.ruby-doc.org/stdlib/libdoc/net/pop/rdoc/classes/Net/POP3.html