I'm thinking about where to store the connection data to the server. This could include a URL and port, maybe more.
I thought the best for this would be to create something like a file in /assets called "config.properties". However, while doing research I did find out this is not the most popular way. But my impression is that it's bad practice to save data like this hardcoded in a static class. And also the "preferences" are more made for configurations the user can change, or for information gathered during runtime (like the user's login data or a login token).
Is there a common way how to do it? In the best case with something like a "configuration"-file?
It depends on where do you wanna use these values. If it's only used in a single class taking care of your connections you could simply have all this as class attributes.
Related
Is there a better architecture that we can follow other that making these fields static(bad for performance) or storing in Shared Preference.
Either use Shared prefs or a database. Both are optimized for quick and (more or less) safe access. It might be worth your while to read about Architecture Components, Room (or others such as ObjectBox, Realm, etc) and repository pattern.
Android Jetpack would be your best option. Check out the documentation on Data Binding, it would allow you to access fields like user_id without writing tons of boilerplate java/kotlin code, by injecting the data directly into you xml code. Here's the link: Android Jetpack Data Binding
There is nothing wrong in saving two/three Strings as static variables, In fact it is the fastest way to get repeatedly used variables. I prefer Application class to do so(static variables of Application class), but the issue is if your app happens to crash for some reason, application class is recreated and app starts from the previous activity, alas your static variables are long gone, be aware of this pitfall
Depends on how/when you are using these static elements.
A few application global variables like userSession object might make sense to store in the MyApplication file itself and made exposed throughout the app so you confirm it is valid when app returns from background each time for example.
SharedPreference is not a great place to store secure elements as it is on file storage in unencrypted xml format which rooted phones and others may have access to get to.
Database is a fine option, but it requires more code bloat and requires a database connection and query everytime you want to use the token if you don't plan to store it in RAM.
Another option is a singleton class that is meant to store your necessary application elements like FirebaseHelper for example that could populate into RAM on app startup and utilize your variables throughout the application life.
So really depends on your app needs. You can also use a SecureSharedPreference tool. There are a few open source options out there for this that you can just include in your project that encrypt the xml elements for you if you prefer to use the xml for storing these items.
If it was me, I would either you a secureSharedPref if it was simple things like userId, Token, or things like that that are fairly harmless. Of course it will encrypt them, but worst case if they got your token, they could make a few API calls if they knew what they were doing, unlikely. Now storing things like password, bank info, medical records, or anything else sensitive definitely should be in a Database. In fact, I would go one step further and layer it with SQLCipher.
So long story short is it depends on what you are storing and the risk assessment of it's content being accessed and each app will be different.
Absolutely nothing wrong with storing some static variables or singletons. Anyone building an enterprise level application will have a fair amount of statics in their application if it is architected in a good way.
I am creating app that should have offline mode, so previously downloaded data should stored somewhere, the most common way is to store data in SQLite database.
Mostly SQLite database is used with Content Provider in android. I have clear understanding what is the purpose of content provider (to share data between different apps), but in my case application will never need to share the data with other apps in the system.
Content provider has the similar interface as HTTP request (GET,POST,PUT,DELETE).
My idea is to create facade class which can be used like this getAllLatestNews(); firstly it will try to get latest data from the internet, if it fails - data from database will be used and if request is successful it also will save retrieved data to the database. This class will be facade for separating different layers of application (not to make requests from activities directly).
But now I am a little bit puzzled deciding whenever I need Content Provider or not. I can use SQLiteOpenHelper classes to retrieve and save data to the database or even use ORM library to do this.
At first I wanted to implement REST API Pattern B by Virgil Dobjanschi. But now I am not sure about this, maybe it would be better to create facade for Robospice(in my case, network request in the service) requests and do persistence there ?
Please share you thoughts about this topic, I would be grateful for any help.
EDIT
I asked this question because I feel that it is not good practice to make requests directly from activities even if they are made in service under the hood, I want to separate different layers of my application in order to make it more flexible and maintainable.
As you don't intend to share your data, i would say that implementing a ContentProvider is overkill.
Personally im a huge fan of ORM libraries (Currently i use SugarOrm in several projects), so i would go down that road.
Then at app startup, you check whether or not you have an active internet connection, and based on that you either get the latest information online, or retrieve older information from the database.
To seperate the logic a bit, i would most likely implement the getting of online information in a service, which would then store it in the database and broadcast to the activity that the information is now available, and then the activity could retrieve the information from the newly updated database.
Content Providers are absolutely for sharing data between applications and are of no use without this purpose.
If you want to use those data only in your app privately, you could use SQLite databases. Also there other objects available:
Shared Preferences
Files
Content provider has the similar interface as HTTP request (GET,POST,PUT,DELETE)
I don't think so. It's more like to SQL language.
In application there is menu in menu user can choose one of them. All required data from server. Where should I make an request and store data?
So far I made request inside fragment, but I do not want to make request per activity/fragment.
Is the good idea to make request inside main activity (of course using other thread <>). And then keep data in static list in this activity? Or is there better way to store this data?
This is a very vague question, the answer can vary by a lot based on the precise requirements.
For example if its just a boolean returned by server, sure you can save as static boolean, if the list returned is small, sure save it as static, as long as you are comfortable with loosing the data when the app is killed.
If not you need to save the data somewhere, depending on the size, type there are multiple options you can use please read http://developer.android.com/training/basics/data-storage/index.html
If you ment using Volley as a Singleton class read more in the following link.
I am trying to make an android app that requires a user to login against a MS SQL Database.
Having read around the most popular way seems to be to use JSON to do this however I'm not sure how secure this would be (especially if there is no SSL being used).
My question is what are the alternatives available and if JSON is the best/easiest way to achieve this how can I make it more secure? Is this also how big companies (such as dropbox etc) do this?
When I first started Android programming I was told that making a direct connection to the database is considered bad practice, and that an interface (JSP, PHP, .NET) should always be used. I don't know if this is a security thing or not but it would probably be the best for you.
If possible, create a .NET (or whatever server-side language you are comfortable with; .NET would probably be the easiest if you're working with a MS SQL server) page and talk to it over HTTPS (there's your security) and pass it the login info using POST. You could use JSON but name value parameters would accomplish the same thing. Have your page connect to the DB and test the information you pass it against whatever is in it. Then pass back a value that says whether it is correct or not in the response.
EDIT:
This looks like a decent guide to getting HTTPS set up on Android (just browsed through it quickly so I can't vouch for it 100%).
JSON is just the form you pass data in.
Noone stops you from using SSL for the connection. Or encrypting the JSON data in your own way.
I want to build an application where the user will have to login before using it...All the data will be stored in an SQLi database but instead of having the application talking directly to the database I want it to send the data to a middleware which will deal with the login and all the calculations that i will later need..
What would be the best/easiest way of implementing something like that?
I was thinking that a php application could do it but not sure if its the best way...
I am familiar with php, java servlets and jsp...Not sure on how to get android to work with them though...
Any help would be really appreciated...
You're barking up the right tree - you wouldn't normally want any client making calls directly to a database (whether it's a backend or local DB the same issues apply). Instead it's a better approach to simply create an object that represents whatever types of persistence logic you would want, but keep the exposed API nice an generic for your clients. This allows you to swap out actual DB instances (Oracle, for DB2, for SqlServer, for XXX, etc., etc., etc.) but not affect the client logic.
Check out the ContentResolver for an example.