It is widely known fact that to develop and android app with web content we need to have WebAPIs, In that case,
we are going to write the Database access logic in Web application API and mobile app development part in Android
I am asking this out of my curiosity, Why can't we write stored procedures in the database and consume them from the mobile app directly using JDBC? Here we are trying to eliminate the usage of Web APIs
Is using JDBC in Android app a good practice?
A JDBC connection to the Oracle Database is a stateful connection and one that's expensive to establish. It can also end up making multiple roundtrips for doing things like fetching rows from a query, doing a transaction or calling a stored procedure. For all these reasons it's preferable to make mobile apps call REST APIs which implementation can leverage JDBC connection pooling, make multiple roundtrips to the DB that's in the same network, etc.
Related
How can I create an android app that uses a mongoDB database locally i.e. Clients can make CRUD operations without connecting to a server. Sort of how SQLite is used, except this time I wanna use mongoDB.
I have checked around and what seems to be my most suitable option is using mongodb java driver, but the problem is how and what am I connecting the mongoClient to? Do I have to sort of start a server or something?
I would suggest using firebase or realm or something that comes with better native mobile support. Couchbase Mobile might be of interest too, but I have not used it. https://developer.couchbase.com/mobile
So far I think it's a security thing that you're not allowed reading/writing to an Android SQLite database outside of the containing app's process.
But are there advanced techniques or tools that can be used to achieve this?
For instance, I want to make a web interface with a textbox where the Android app would connect to and then I can run SQL queries via said interface to read the database or to insert records into it.
I'm writing this question because I'm really stumped. Usually my search gives opposite results which is accessing a remote database with an Android app.
You will have to develop an API backend. The mobile app ( client ) will communicate with the API and do the desired operation based on the response.
It's not possible to directly connect to the app sqlite database. You can send web request and get the info you want, handle it in your app to store it in the sqlite database
You will have to add security measures, so everyone can't access your API.
So far I think it's a security thing that you're not allowed reading/writing to an Android SQLite database.
Apps can read and write to their SQLite databases. Otherwise, the database would not exist.
I want to make a web interface with a textbox where the Android app would connect to and then I can run SQL queries via said interface to read the database or to insert records into it.
You are certainly welcome to embed a Web server into your app. For example, Stetho does this to integrate with Chrome Dev Tools, offering your SQL interface among other things.
However:
Doing this for anything other than a debug build of your app is very risky, as securing a Web server is difficult enough when it is on a traditional server environment, let alone an Android device
The Web server is only accessible by whatever can reach the device via an IP address, which means it's usually only useful on WiFi (where it could be reached by other devices on the same WiFi LAN segment)
Background
I have a EC2 instance with a RDS instance(MYSQL) associated with it.
I want to use a android app to execute queries on that MYSQL instance.The Android sdk of amazon does not support RDS.
Problem
How do I connect my android app with RDS instance?Is it possible to use RDS(MYSQL) with an android application without sdk support?
RDS is not a database engine. It's a service that manages the infrastructure for you that's required to maintain a highly available and fault tolerant database. It supports a number of different engines such as MySQL as you mentioned. Please read the docs for more information.
You need to connect to your RDS MySQL instance the same way you would connect to any MySQL database. Using a library that supports MySQL, and using the hostname, username and password for your database.
However, it's probably not the best design to have phone clients connecting to your database remotely. The best thing to do would be to put a REST API on AWS that interfaces with your database.
Having n users connected to your database from each handset using your app is probably a bad idea. It means you need to have more power in your database, greatly hinders your scalability and makes things less secure as the database is exposed to the internet. With an API in front of it, you can build a much more fault tolerant, scalable and solution.
The "cloud way" to build mobile apps is to (within reason) build your application logic on the cloud and simply have your client code connect to your API. This way you can spread to more platforms (eg. IOS, Web) much more easily as you won't have to manage separate application level code for each platform. You'll just need to manage code that integrates with your already existing API.
Take a look at this whitepaper. Ignore the web server tier and focus on the App Server and Database tiers. This is probably the best design to go by.
Background
I have a EC2 instance with a RDS instance(MYSQL) associated with it.
I want to use a android app to execute queries on that MYSQL instance.The Android sdk of amazon does not support RDS.
Problem
How do I connect my android app with RDS instance?Is it possible to use RDS(MYSQL) with an android application without sdk support?
RDS is not a database engine. It's a service that manages the infrastructure for you that's required to maintain a highly available and fault tolerant database. It supports a number of different engines such as MySQL as you mentioned. Please read the docs for more information.
You need to connect to your RDS MySQL instance the same way you would connect to any MySQL database. Using a library that supports MySQL, and using the hostname, username and password for your database.
However, it's probably not the best design to have phone clients connecting to your database remotely. The best thing to do would be to put a REST API on AWS that interfaces with your database.
Having n users connected to your database from each handset using your app is probably a bad idea. It means you need to have more power in your database, greatly hinders your scalability and makes things less secure as the database is exposed to the internet. With an API in front of it, you can build a much more fault tolerant, scalable and solution.
The "cloud way" to build mobile apps is to (within reason) build your application logic on the cloud and simply have your client code connect to your API. This way you can spread to more platforms (eg. IOS, Web) much more easily as you won't have to manage separate application level code for each platform. You'll just need to manage code that integrates with your already existing API.
Take a look at this whitepaper. Ignore the web server tier and focus on the App Server and Database tiers. This is probably the best design to go by.
I am in the process of developing an app with the help of someone else for a site I am developing. This app being developed will require access to the database on the web server. So my question here is typically I would want to keep my servers access limited to specific IP's however. Mobile devices all have there own ip's from what I hear. So if this is the case I essentially have to open up my database access to allow any inbound remote connection. Which is more than possible, but I forsee a potential security risk with that. namely in the notion of someone attempting to brute force the DB to gain root access or something to the effect there of. With that my question comes down to is there a more secure way of doing what I need in the overall? Is there any methods I can apply that would allow me a little more peace of mind. The DB I am currently using is mySQL, and will generally remain that type til later in the future.
Your concerns about security risks are valid. You should avoid a situation where countless mobile apps are making database connections to your MySQL database. A better solution would be to host a REST API layer in front of the database. This would allow you to control what portions of your database are accessed, but potentially include authentication routines as well. The REST web services you publish will give you the opportunity to produce permitted representations of your data rather than raw access to the data. That means in addition to producing web services, you'll need to develop the app to be a REST client that consumes these services or makes "requests" to them on an as needed basis. Obviously, this requires planning on both sides of development (back-end and front-end).
One possible solution to consider for producing REST web services is here:
http://phprestsql.sourceforge.net/
There are additional frameworks available for PHP, Java, ASP.NET and other platforms.
http://peej.github.com/tonic/
http://jersey.java.net/
Good luck!
Why not access the database via an API and then secure the API? So in essence, you should have a REST(or anything) API on your web server which your mobile application talks to which subsequently talks to the database. Accessing and securing your API will make a more cleaner and leaner design.