Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I am new to IOS development.
I am going to make a Bilingual Dictionary App for IOS. I have two options in front of me for choosing database. SQLlite and MySQL.
If I choose SQLLite then I believe I will have to pack the database with the app. Every user who will use this app the database will be downloaded to his device.
is it a good approach ?
or I should use MySQL ? that stays on the server and app will connect back and forth to get data from it.
Please guide which database should I use for Bilingual Dictionary Mobile app ?
Or If there is anything else I am missing ?
Thanks in advance !!
There are advantages and disadvantages to each, depending on the functionality and user experience you prefer. Unless you plan to update the content frequently, you wouldn't expect it to change constantly, so there isn't an essential need to provide dynamic content. However, hosting the content online can save a lot of space, which for some mobile users may be limited.
However, to me the most important factor to consider is that as a bilingual dictionary, you may have a substantial market of people who are travelling. People who are travelling often don't have data service, and thus must rely on wifi if they want to access this dictionary. As someone who travels with my cellphone, having a dictionary which does not require a data connection is a major functional advantage, and as a designer I would want to provide this functionality, even if just as an option. This may change if you expect that the greater part of your market is not going to use it while travelling.
Agree with Mitch Goshorn's answer. I don't know if you're worrying about the "security" of your database or you just want to save space on device. But I suggest the local one (SQLite). In case that you don't want user to steel your database by hijacking the application folder, you may want to think about encryption. Sorry if this is not considered to be an answer cause I don't have enough reputation to comment.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I have a website where I put music, but I do not want anyone downloading it, or it gets harder and just listening online, like YouTube.
Unfortunately, no. It is a bit like trying to prevent someone from recording an on-air broadcast. When you send video data over the internet to someone's player, they can simply store the information being sent to the player unless you obfuscate it and make it so that the player will only work under certain circumstances and will not share the data. This, by definition, is DRM.
What DRM attempts to do is control the reading of the data entirely, so that it can not be copied. This has varying degrees of success and rarely, if ever, works particularly well. It may keep honest people honest, but if you are sending someone data in a way that they can access it, measures to try to stop them from copying it are... difficult. The most advanced systems use special display drivers and encrypt the data right up to the point it is being displayed on the screen (HDCP), that way other software on the computer can't directly pull the information off the frame buffer being prepared for the screen.
There may be some ways you can mildly obfuscate the access to your video, but ultimately, if you send it in the clear, it is trivial for a knowledgeable viewer to store the datastream. If you use DRM, it is substantially harder, but still likely to be able to be worked around by a dedicated attacker.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I was just thinking of possible ways to go about temporary login systems. I was thinking having a bunch of your standard images with a jumbled up word and users type in the word. I would have a MySQL table where all the photos have a unique id, link and answer-key. that way the webpage just has to choose a random number the GET photo where id = random number. then compare what the user types in to the answer key of the photo.
I'm not currently trying to create this system, it seems very simple and I was just trying to think if it is a secure system that would work.
so my question really is, would there security risks with this, is it robust enough to keep out bots, would my site be destroyed 10 seconds after implementing it.
What you're describing sounds exactly like a CAPTCHA system. These are used widely to prevent bots from issuing automated requests against an interface. The problem is that it's hard to make images that a bot can't just interpret anyway.
Outsmarted: Captcha security not much of a gotcha is an article about some Stanford researchers who developed an image-recognition tool (which is not publicly available) to test captcha implementations:
Decaptcha was able to decode 66 percent of the Captchas used by Visa's Authorize.net payment site, 70 percent of Blizzard Entertainment's Captchas -- the company's games include World of Warcraft and Diablo -- and 25 percent of Wikipedia's. About one-fifth of Digg.com's Captchas and almost that many of CNN.com's were decodable.
The researchers recommended Google's reCAPTCHA as a much more effective system. You can add a reCAPTCHA widget to your own website. This would be safer and easier than trying to develop your own and find it to be too weak.
Short answer: No, it's not secure. If someone really wants to hack your system he can build his own database of image-word.
The key is to invest in security less than it will cost you if your system will be compromise, so I won't invest in a security system too much (it sounds like you don't really have a sensitive information to hide).
BUT, you have an easy & free solution. You can use reCaptcha, not only it's much more secured, you'll help digitize some useful information.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I'm looking for a new CMS to host my new blog and I was deciding what the best route would be, either using MySQL or a file-based CMS.
I'll probably be writing on the blog every other day so I'm looking for speed.
Does anybody know which one would be better for speed / security?
Thanks!
I'd highly recommend one of the popular ones such as Joomla, Wordpress, or Drupal (why re-invent the wheel?). They're heavily supported by the community, so the standard concerns like security and such are usually found and fixed before you're even aware they existed. My personal favorite is Joomla because of the extensive collection of extensions that are available, with a great many of them focused on social media such as twitter and facebook to "spread the word" from what you're putting on your site.
For security, I see storing content in a database as being more secure, as database access requires one more level of authentication than simply storing content in a file.
If a user pokes around your system and finds your include folder, then all content could potentially be exposed by guessing the paths. Since the database is usually abstracted away from your front-end application, accessing its content by simply guessing url paths is much harder to do.
In addition, your application will probably only expose certain fields from your database to the front-end, (assuming your database access functions are properly written to prevent things like SQL injection etc).
Unless you expect seriously high volumes of traffic on your site, you probably won't notice much of a difference between reading from a file vs. reading from a database.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I have been task with the mission of creating a phone solution where clients call a number and using the phone keypad they enter a product ID and base on that ID they should hear the product description that is stored as text in MySQL (text to voice). If they are happy with the product or products they will get an email with all the list of product and their details.
Can anyone point me into the right direction on what to use for this phone server?
Note: maybe I just don't know what to call each service, but that is what needs to be accomplish. I am going crazy reading about trunks, pbx and Asterix
What you are looking for is an Interactive Voice Response system (IVR). There are existing systems that can be programmed for individual applications.
The W3C even has a standard called VoiceXML, which is a standard for interaction between voice systems and computers.
Unfortionately, that is the extent of my knowledge on the topic.
Honestly, Asterisk is not very difficult to set up and get running for something like this. Get an inexpensive and unlimited inbound SIP channel from Callcentric or another trunk provider, and write your IVR as the default extension in the dialplan.
Don't let yourself get overwhelmed. You only need to define your trunk as a SIP peer in sip.conf to get the box talking to your provider, and the dialplan syntax is very, very simple. You don't really need any other configuration for Asterisk itself, unless you have to use a land line, which would require a digium or sangoma board with fxo ports on it, and configuration of the zaptel drivers within asterisk.
Text to speech isn't likely to be as great as you'd like, but it may not be feasible to record all of the audio files that you'd need. The problem is that cloud IVR providers may not be cost effective for your application.
Any other questions, please don't hesitate to ask.
If you don't want to deal with Asterisk, there are other web-based options as well. The one I know the best (because I work there) is Twilio which lets you build phone applications the same way you build web applications. It's much simpler than setting up and hosting your own Asterisk instance and dealing with carrier connections. There are other similar services out there as well.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
I am developing an open source desktop twitter client. I would like to take advantage on the new xAuth authentication method, however my app is open source which means that if I put the keys directly into the source file, it may be a vulnerability (am I correct? The twitter support guy told me).
On the other hand, putting the key directly into a binary also doesn't make sense. I am writing my application in python, so if I just supply the pyc files, it is one more seconds to get the keys, thanks to the excellent reflection capatibilities of Python. If I create a small .so file with the keys, it is also trivial to obtain the key by looking at the raw binary (keys has fixed length and character set).
What is your opinion? Is it really a secutiry hole to expose the API keys?
Security hole? In broad terms, yes. Realistically though, these aren't nuclear launch codes we're talking about.
About the worst thing that could happen is that someone could take and use your app's keys to do something against Twitter's TOS that will end up getting the keys banned. No user data would be vulnerable since you're not distributing the user tokens (that would be much worse from a security standpoint). Since anyone can register an app in 2 seconds at no cost, the only reason to do that kind of impersonation would be specifically to besmirch the reputation of you or your app.
One thing you could do is leave them out of the source code but make it clear that user's compiling from source need to obtain their own keys and put them in the appropriate place, but leave them in the binary version that you distribute. Not 100% secure, but makes it that little bit harder that will deter a certain number of n'er-do-wells.