I've been reading http://www.html5rocks.com/en/tutorials/offline/storage/
It sounds like the database is sandboxed. This is a problem for me, because the offline web app I've written - unfortunately one of the places it is being used is in has terrible mobile coverage and no wi-fi.
So what I'd like to do is write a native app which could grab the data from the IndexedDB database. Then maybe they can put it in an email, or plug it into a computer or something... it's very messy but I don't really have any other options.
Any ideas welcome.
Instead of creating a native app, why not create an offline web app? That way you can continue using the IndexedDB database, but won't have to worry about connectivity.
The way to accomplish this is by using JavaScript Service Workers, which act as a proxy between the browser and the network. After you register a service worker, whenever the user requests a page from your site, the service worker springs into action.
So for instance, every time the user loads a page from your site, the service worker will check if there is internet connectivity, and if not, load the page entirely from the browser's cache instead of making a web request for the page. That way you can effectively create a website that works entirely offline after it's been loaded only once. Neat!
Related
I want to ask about the security of web application.
I'm developing on web site for an inventory management system by web service.
And wrapping as android application with the webview.
But my client ask the website can be opened in android application only.
I think it is possible with agent header when web server response to request.
But it just a makeshift.
So is there any way to check the website is opened in browser not authorized application?
I used spring boot for web server.
This is not possible. Once you expose an endpoint publicly, you can always try to connect to it with whatever software supporting the protocol (or an analyzer which will reverse-engineer the protocol).
This said, you can make it difficult by obfuscation.
One solution is to use information provided by the client (browser in your case). This is usually the agent header (as you mention) but can also be some fingerprinting. You could for instance detect the size of the screen and make some decisions from there on.
Another solution is to use some secrets (better call them "secrets") to show the backend application (or API) that some specific code is calling. I can imagine that you could bundle the HTML/JS/CSS code in your application, together with a key so only the application owners will be able to send a recognizable traffic (recognized by the backednd).
All of this is more or less difficult to crack but with some layers you will get rid of at least some population which would like to access the site via other means than an app.
I have created a progressive web app that simply lists links (to URLs) that when clicked uses the default browser of the device (say mobile phone) to open the URL.
Is there a way to tell the device to cache these pages so they are available offline.
This is so when my progressive web app runs offline, any links previously visited will also be able to display in the devices default browser.
You can do two things:
Pre-cache the set of links; you can do that using a library such as sw-precache
In the fetch event handler of the Service Worker of your PWA, place the URL's the user clicks on in the cache.
Option (1) has the advantage that your app will be offline-ready from the the start; and option (2) has the advantage that your app will cache only the links the user was interested in. I think your question refers to option (2); depending on your use cases, you can decide on which strategy is best.
You can lear more about a variety of caching and serving strategies in Jake Archibald's Offline Cookbook article.
I would like to serve the pages in my phonegap app from a domain.
Like a local server inside the app.
The basic app example serve the pages from file:// and one of our integrating does not whitelist it correctly.
This is not related Cordova Whitelist
Don't.
Although it is possible to host apps from a domain, it is extremely risky and presents a poor user experience in the case of no/flaky network connectivity, and app stores may reject the app. If you must update your app outside of the app store review process, you can use various code push solutions which push code to the device instead.
Risky: MITM attacks; no ability to check certificate signature prior to download; how do you handle a partial/corrupt download of the page, etc.
Poor UX: If no network connection, nothing is present to tell the user about that. If flaky network, then the app may load for a long time, or timeout, etc., and again, there's nothing to alert the user.
App store rejection: Primarily Apple here, but they tend to reject apps that are viewed as wrappers for websites. Your app must also alert the user when there is no network connection if one is required.
I've got an audio playback application. I need to add a streaming feature which works in coordination with a website. Meaning, when a new file is added to the server and playable via the website, it should automatically become playable on the app. I do not want to hard code it into the app and am looking at making it dynamic. The only solution I can think of is linking the entries to a SQL database, however, the web developer has expressed security concern. He thinks allowing applications to connect to the db could pose a risk.
Any ideas on implementing this?
I have been to similar situation many times. A web Socket is the ideal solution for such cases.
And the mobile should never connect to the db directly. the connection should be done , validated and monitored through a web service providing the Mobile with a RESTful Api.
I have been asked to write a mobile android app to interface with a website. When pulling content from the site, I don't think scraping the site would be very efficient. I would like to interface with the database. Think of the scenario as facebook mobile app interfacing with the facebook databases that fuel facebook.com (so there's a mobile app, a web app, and a database in this equation). Would I just create a db account for the mobile app and then every phone using that app would use the same database account (This sounds like a terrible idea imo)? The user will be asked to authenticate in the app before they can start getting information from the it.
In general you don't want to be accessing the database directly via the phone (if that is even possible). The more standard way with mobile clients is to build a set of RESTful APIs that you can invoke via normal HTTP GETs and POSTs. These will present the data in a more lightweight (JSON, XML) way to the app, so that the "decoding" effort is reduced. Authentication is done via standard HTTP AUTH. That's the short version.