I have a web service for my android and Iphone application that connects to online database.
now we want to apply SSL on the web server. will this effect on my web service?
will the android and iphone applications keeps running or will be stopped? because in the applications they are linked to the web service like this
http://www.example.com/service/index.php
and now after applying SSL the website will be like
https://www.example.com
should I change my applications to
https://www.example.com/service/index.php
or its ok if I kept the old link in my applications (android and iphone)?
When we enable SSL in our server we can keep our unsecure http access or redirect it to secure https.
Use secure communication is always a good practice but it will cost you a bit more of effort.
As an Android developer I was able to use https REST webservices thanks to this answer.
For iOS I have no idea but this answer could be a good starting point.
Related
I am looking for the best way, the most secure way to build Client-Server communication.
I have simple web site where I can login and sign up using well-known web secure implementation.
But I need to create standalone mobile client Android/iOS and make it possible to do the same (log in,sign up) from mobile client.
As far as mobile client will be native, not just mobile version of page. I need to create secure communication between client and server.
I have already implemented several projects using REST API with tokens over https, but it seems that there is better way to do this.
What is the most secure way to implement client server communication in this way.
Also in my case creating something like OAuth server doesn't make any sense because client communicating with server directly and I don't need to give some access to other apps like in OAuth.
Use web view but only for logging in and registering, of course on special mobile pages.
Just use https and REST API as I have done previously
Create some encrypted channel directly with TCP and sockets
I have no more IDEAS how to implement this, maybe someone can suggest how to do this or at least how this is done in apps like facebook, amazon, aliexpress .....
Thanks.
I would like to create a local multiplayer server.
My idea would be like this.
Server phone starts a server and any other device calls the server over wifi and see a html5 app. So the client devices doesn't need to download the app.
Are there any good frameworks which supports such a behavior?
I found already i-jetty (https://code.google.com/p/i-jetty/wiki/ConsoleWebApplication), but according to the wiki i need to download the app before. Another thing is I dont know how to access a database over calls to the webserver.
This is a big topic you are asking. A good starting point would be to investigate web services to get your database via a web server.
I'd recommend looking at Web Services..this is a very basic link:
http://www.w3schools.com/webservices/ws_use.asp
I am new to mobile applications. I am basically from a web development platform. I am just playing around mobile frameworks like App Framework, LungoJS, Jquery Mobile, kendo etc to gain some knowledge in this vertical.
The app I am developing is still in UI level. All I need is to fetch data from the server and populate in my app.
I need some ideas to establish server communication between the smart device and the server. My questions are
What kind of server needed for mobile applications ? A cloud or a
regular web server is enough ?
What are the ways to connect the app with the server ? ( on cross
platform mobile development )
What is the secure way to communication with the server ?
What kind of server needed for mobile applications ? A cloud or a regular web server is enough ?
Because you are creating a hybrid mobile application you can use any type of server side technology, it doesn't matter is it a classic web server technology (using Java, PHP or .NET) or some kind of cloud technology like Parse.com.
You also don't need to create anything from scratch. Best course of action would be to use some kind of micro RESTFul framework(like PHP Falcon or Java Play Framework). Read more about them here.
But, there's always a but. You can't use server side technology for classic content generation, you only need to use it to send data to your hybrid application. I will explain this later.
There's also an alternative to RESTFul services, you can create a webservice, again using Java, PHP or .NET.
What are the ways to connect the app with the server ? ( on cross platform mobile development )
You would use AJAX as a technology (in case of RESTFul), rest depends on you. You would probably do it in JSON format (or JSONP if you are doing cross-domain calls, but you don't need to think about JSONP when creating a hybrid application).
If you intend to use a web service then you would use a SOAP connection and communicate via XML format.
No matter which server side technology you use you will always use AJAX on a client side.
Now let me tell you why you should not generate your content on server side. Basically nothing can prevent you from doing that, you can generate your complete page on web server and just show it in PhoneGap app, it would still be a hybrid app. But, if you try to put this app in Apple store you will get yourself rejected.
What is the secure way to communication with the server ?
Security of course depends on server side technology. Every framework has its own kind of security handling, but all of them relay on HTTPS so you should not worry too much.
From the client side you can always encrypt JSON/XML data and send them using POST.
Examples:
If you want to use jQuery Mobile then take a look at this tutorial. It will show you basics of client - server side communication.
Since you are new to mobile application, ill try to give short answers
1) What kind of server needed for mobile applications ? A cloud or a regular web server is enough ?
A regular web server is good.
2) What are the ways to connect the app with the server ?
via web-services
3) What is the secure way to communication with the server ?
Use HTTPS webservices (SOAP, REST), HTTPS secures the transmission.
Above is a basic explanation for your quick help, I would recommend you to go through the documentation, and review some sample codes
This will really help you Sample
Please go through this link it will surely help you
http://www.androidhive.info/2012/01/android-login-and-registration-with-php-mysql-and-sqlite/
Webserver,cloud anything is good for restful service
for security purpose you can use POST parameter to send and recieve data or if you want more security then you can encrypt and decrypt data through secure algorithm
I intend to write a multi platform smartphone app (currently only I-phone and android).
Which has to send and recieve information from a web server I intend to create.
The web server will do all the algorithms, and handles also DB connection.
My question, is how is this best accomplished, which kind of web-server technology fit best the scenario, and supports connections from various devices.
Basically, I thought about implementing a simple TCP/IP protocol, making the app (on the phone) the client, and server on the web on the other side. however, I want to deploy the application to an application server (maybe google app, JBOSS, etc.) and I don't want to be stopped by various firewalls.
does anyone has an idea ?
edit: few things are certain, the application server will be written in java, and db will be mysql.
This is a very broad question and any suggestion about which backend technology to use will depend on your language preferences, your other requirements, etc.
For starters, I'd suggest JSON over HTTP as a transport mechanism: it's easy to parse on both client and server-side, and it's directly usable in Javascript should the need arise. XML is another choice, but it can be annoying to parse.
JSON-over-HTTP (or XML) will be completely device agnostic and won't have the firewall/proxy problems you'll run into trying to do a custom-implemented TCP-based protocol.
For the backend, may folks use MySQL or Postgres for their database, and connect to it from Java, C#, Ruby, PHP, or other server-side languages. Use what you're comfortable with or what you want to learn next.
Why not write the server-side as a regular web application - in whatever technology you like (php, asp.net, java)? This way you can deploy the app on any web server and your client apps on the phones would simply establish a connection to an HTTP server. Normally, firewalls would not be a problem in such situation.
I have used this setup for my apps (both android and iphone) - connecting to a web server app written in php with postgres back-end.
What is the best solution to secure a REST service provider (assume a java servlet running on google appengine) by allowing requests only from iOS or Android device from a specific app?
Assume I have a servlet running on google appengine that does some processing and responds to a GET request with some JSON data. And I want to restrict this access to my app that runs on Android and iOS.
My current solutions are:
Use if(tokenValue ==
request.getHeader(tokenKey)) on the
appengine servlet. And
response.addHeader(tokenKey,
tokenValue) on the mobile apps'
code. So basically only my app would
know the token key.
Use HTTP(s) for the above solution, appengine supports this
Use oAuth - but I need to have the user sign-on to some oAuth provider from the app, which complicates the app
Suggest other useful approaches to tackle this problem. Assume this servlet only serves GET requests and maybe use Restlet or Jackson
Only 3 would be an appropriate solution if security is important to you. This is because anyone using the application can intercept the traffic and just replay the values against your web service. SSL offers some protection but a good attacker can work out how to capture data if they control the device. With OAuth the damage done by an attacker is limited to a single user (as long as they are not an app admin).
How about using a client SSL certificate? I haven't tried this, but I'm considering it. Here's a page that describes the approach, with some sample code:
http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html