Android App to get and post data from SQL Server (security concern) - android

I am a newbie and I've read many topics related to my question, but I still have a few questions in mind for which I need your assistance. Any kind of information would be helpful.
My application: I have a web site to sell tickets and an app to sell the tickets both should access the same database (centralized Windows server).
I read many topics related to my question and understood, using jTDS would be the best idea for my requirements. But after reading the following topics, I am little bit confused whether I am moving in the right direction or not. So please help to find the right direction.
using an Android app to post entries to SQL Server
How can I use external JARs in an Android project?
My questions are:
Which is the best way to access SQL server from both my app and website?
What kind of security issues do I have to consider? As my app will be used worldwide, do I have to take a special care for security?
Any tutorial or advice will be appreciated.

You must run a webservice based on the REST or SOA to do that. REST is lightweight. I don't recommend using a JDBC connection. I am not sure jTDS would work on Android. If you are about to deploy a webservice you have to look after authentication and SQL injection.

Use a WebService to talk to the database, and the Android app will talk to the WebService. You don't want the clients to talk directly to the database. In the WebService you can do any authentication/security checks that you want. If you use stored procedures in your WebService, you don't have to worry about SQL Injection.

Related

sharing SQLite database information

I have a question regarding my app. While I was doing search for sqlite database concepts and advantages, I found that SQLite is serverless or you don't have to deal with server when you using it.
My question is, if SQLite is serverless, how two or more devices can share information in my app between them without server?
By wanting to share anything between devices you are creating a server/client scenario. i.e. Something is served from one device to a client, the other device.
SQLite is probably not the ideal solution as there is no client-server aspect included, so you'd have to write you own server and client code, which would very likely not be at all simple.
Firebase could be the simplest solution as it's a single SDK and is hosted/served by Google. This link - Add Firebase to Your Android Project - may be of interest

Android To Web Database Connection

Can someone give me a broad overview of what pieces would have to be in place to implement a user-content-driven Android app with a web-based database? Or, link me to some helpful relevant articles on web and app architecture to study?
Further, if II already have a website where people can add content and others can vote on it, and I want to have the same capabilities available via an app, utilizing the same central database, how would I proceed?
I'm guessing I could provide remote authentication into the site via the Android app, and then enable the user's content submissions and votes to sync with the database (and website), but how is that handshake process done? And what elements of the site have to be exposed for the app to "connect to"?
Where are lines drawn between a website just being presented inside an Android web view and being made mobile friendly, versus a stand-alone app having the web/database functionality?
I know if I already have a mobile-friendly website, it might seem logical to simply direct people to the mobile site, but obviously a lot of people use apps and there are some benefits over mobile web.
Sorry for such a general question, but I can't seem to find any good examples of people doing this to learn from, even though I imagine it must be very common.
Thanks!
The best practice is to build REST API on server side to manage content from database, and just hook to it with mobile apps. There is a lot of different libraries to do that on both Android/iOS
create your rest api and make it return json.
i think that the better way is to use okhttp http://square.github.io/okhttp/
for http connection,
retrofit and gson http://square.github.io/retrofit/
for parsing json results;

Trying to setup an SQL database and access it from an Android App

I'm building a new application for android and this would need to send and retreve data from an online database.
Firstly is this possible or is it a completely wrong approach?
Would i be able to tell my application to set certain data into the server and retreve other?
Does it create security risks by which anyone would be able to access the database?
It's my first time dealing with anything close to databases so i'm still learning.
Is there any website i can use which sets up an accessible SQL database?
Thanks for your help!
The Good approach for this is that you should create REST (Representational State Transfer) API on server and perform CRUD operations in your Android app using that API.
There are a lot of security problems with embedding direct database access into your app.
Usually,REST architecture is very useful to build client/server network applications. REST basically works on HTTP protocol and implementing REST is very simple compared to other methods like WSDL etc.
There are many good tutorials available on implementation of REST API that you can easily find by Googling it.
Here's one of them: http://www.androidhive.info/2014/01/how-to-create-rest-api-for-android-app-using-php-slim-and-mysql-day-12-2/
Yes, it is possible and it is not the wrong approach. Web services/REST API's are some things you should look at.
There are obvious security risks associated with having an outward facing web service or database. OWASP has a pretty good
web services guide that should get you started with the
security. You will need to address these risks prior to holding any sensitive/user information. There are plenty of guides online.
A couple of database hosting suggestions Amazon Web Services if you want it to be manage dfor you or create a VPS at Digital Ocean (or similar) website if you want to do it yourself.
Due to the open ended nature of this question there are numerous ways you can address these problems. I recommend spending a lot of time researching and analyzing them prior to starting the project and deciding on a technology.
This is not a wrong approach, most of the Android application send or receive data from online databases.
For connecting your Android app with the online database you can make of webservices , for instance you can create Rest Api for this.
For creating Rest Api using Asp.net web api visit this link
The answer for your last question would depend on the way your write your web services decide the security risk.
You can also use this reference

Cassandra DB For Android, Its APIs and How to use it?

I have been searching for NoSQL databases. In my research on the Internet I have found that Cassandra DB is the most widely used NoSQL DB. I also want to use it in my Android App but did not find anything about its Android Version.
Is there an API like CouchDB has Ektorp for using it in Android?
Am I going in the right direction with the decision of Cassandra DB?
I need its Android API and tutorial to start with? I only found this link on StackOverflow but it did not help me.
Android cassandra client example
The typical approach is to use a web server to interface into cassandra whereby you send requests to server and it gives you an XML/JSON response, that is what this answer means by creating a RESTful service.
One of the applications that made it to datastax's next great developer competition finals was an android app that did exactly this, here is the project's code.

Android - Tomcat - MySQL confusion, is this application design feasible?

I've had a look around the site for similar questions and nothing has been especially helpful. Sorry if I've missed the perfect answer that has been given before!
I'm building an Android app - it's pretty simple, it will allow registered users to access premium files online. The model I've been advised to use is connect the app to a web service (JSP) hosted on Apache Tomcat server and use this to access the files stored in MySQL database.
The web service will decrypt encrypted data passed up from the Android app and will also be responsible for encrypting the files in the database.
What I want to know is, does this make sense? Is there a much simpler solution that I could use?
Your question is very subjective, You could use any number of server-side technologies to achieve this goal.
But to answer your specific question. Yes, it does make sense to use a servlet hosted on an Apache Tomcat server. You get the benefit of using Java on both the client and server. And MySQL is as good of a choice as any for storing data.
Whether there is a simpler solution really depends on what you know. I would definitely use the approach you where advised.

Categories

Resources