Currently I am building an app using phonegap for the Android and iOS systems. Essentially, it will be a website but I am running into some difficulties due the cross domain requests I need to make via ajax (same origin policy). Im wondering if its better to make the website on my own servers, where PHP is allowed, and then use a wrapper/frame in phonegap to emulate the site? How would that work?
Help appreciated
You shouldn't be having this problem at all. PhoneGap apps are loaded on the device as local file:// pages, and the cross-domain security policy does not apply to them.
From the PhoneGap FAQ:
Q. I want to create an application for phonegap to access externally deployed web services via AJAX. How can i resolve the issue with the
cross-domain security policy of XmlHttpRequest?
A. The cross-domain security policy does not affect PhoneGap applications. Since the html files are called by webkit with the file:// protocol, the security policy does not apply.
(in Android,you may grant android.permission.INTERNET to your app by edit the AndroidManifest.xml)
If you are having issues with cross-domain requests then consider using something like jsonp as the data interchange format. Where are you requesting the data from?
If I understand correctly, you want to create a PHP proxy for a cross domain service so that you can access it with your mobile app using phonegap? This is a pretty common thing, its done a lot in Flash as well to get past cross domain restrictions.
For one of my demos I need to access Google Images from Flash. To do so I created a VERY simple PHP proxy on my server called imageproxy.php. Here's the complete code:
<?php
readfile($_POST['url']);
?>
Yep, thats its. So in your case, if you were using this PHP proxy on your server, you would send this proxy your target URL as a post variable and the proxy makes the request and returns the response via readfile().
Related
I want to ask about the security of web application.
I'm developing on web site for an inventory management system by web service.
And wrapping as android application with the webview.
But my client ask the website can be opened in android application only.
I think it is possible with agent header when web server response to request.
But it just a makeshift.
So is there any way to check the website is opened in browser not authorized application?
I used spring boot for web server.
This is not possible. Once you expose an endpoint publicly, you can always try to connect to it with whatever software supporting the protocol (or an analyzer which will reverse-engineer the protocol).
This said, you can make it difficult by obfuscation.
One solution is to use information provided by the client (browser in your case). This is usually the agent header (as you mention) but can also be some fingerprinting. You could for instance detect the size of the screen and make some decisions from there on.
Another solution is to use some secrets (better call them "secrets") to show the backend application (or API) that some specific code is calling. I can imagine that you could bundle the HTML/JS/CSS code in your application, together with a key so only the application owners will be able to send a recognizable traffic (recognized by the backednd).
All of this is more or less difficult to crack but with some layers you will get rid of at least some population which would like to access the site via other means than an app.
I am looking for a way to read the system logs of a connected device via a web application. Basically, I want the user to be able to connect their iphone, android, tablet etc and be able to see what is occurring on their device at the system/consoleLog level. Similar to adb logcat. This would be a via a web application and not on software installed locally. Is this feasible using react/nodejs? What technologies should I consider using?
There're several components you need for achieving this.
Backend
File Monitoring (Native Node.js fs.watch)
Real-time update (Socket.io)
Frontend
Any framework you're comfortable with, I'm using React.js with socket.io client
What you are trying to do is possible, but in a very limited sense.
Your users will be required to manually upload their log files to your web application.
You can "ask" them to do this by using the FileReader api in javascript. Here is a demo page.
As you can see you must manually select a file to be uploaded and give the website. To programmatically set the path of a log file and try to call it without the user noticing is not possible.
The reason for this is anything you make that is served via a web application will run in the sandbox of the users browser.
For obvious security reasons a browser won't let random websites read/write to local files of a persons phone without explicit permission.
Node.js won't help you here because in order to use the functions Node.js has such as accessing local system files the app would have to be installed locally and not running in a "browsers sandbox".
I hope this helps. If you want more examples of the filereader api let me know and I can write something up for you.
I have a web service for my android and Iphone application that connects to online database.
now we want to apply SSL on the web server. will this effect on my web service?
will the android and iphone applications keeps running or will be stopped? because in the applications they are linked to the web service like this
http://www.example.com/service/index.php
and now after applying SSL the website will be like
https://www.example.com
should I change my applications to
https://www.example.com/service/index.php
or its ok if I kept the old link in my applications (android and iphone)?
When we enable SSL in our server we can keep our unsecure http access or redirect it to secure https.
Use secure communication is always a good practice but it will cost you a bit more of effort.
As an Android developer I was able to use https REST webservices thanks to this answer.
For iOS I have no idea but this answer could be a good starting point.
I am new to mobile applications. I am basically from a web development platform. I am just playing around mobile frameworks like App Framework, LungoJS, Jquery Mobile, kendo etc to gain some knowledge in this vertical.
The app I am developing is still in UI level. All I need is to fetch data from the server and populate in my app.
I need some ideas to establish server communication between the smart device and the server. My questions are
What kind of server needed for mobile applications ? A cloud or a
regular web server is enough ?
What are the ways to connect the app with the server ? ( on cross
platform mobile development )
What is the secure way to communication with the server ?
What kind of server needed for mobile applications ? A cloud or a regular web server is enough ?
Because you are creating a hybrid mobile application you can use any type of server side technology, it doesn't matter is it a classic web server technology (using Java, PHP or .NET) or some kind of cloud technology like Parse.com.
You also don't need to create anything from scratch. Best course of action would be to use some kind of micro RESTFul framework(like PHP Falcon or Java Play Framework). Read more about them here.
But, there's always a but. You can't use server side technology for classic content generation, you only need to use it to send data to your hybrid application. I will explain this later.
There's also an alternative to RESTFul services, you can create a webservice, again using Java, PHP or .NET.
What are the ways to connect the app with the server ? ( on cross platform mobile development )
You would use AJAX as a technology (in case of RESTFul), rest depends on you. You would probably do it in JSON format (or JSONP if you are doing cross-domain calls, but you don't need to think about JSONP when creating a hybrid application).
If you intend to use a web service then you would use a SOAP connection and communicate via XML format.
No matter which server side technology you use you will always use AJAX on a client side.
Now let me tell you why you should not generate your content on server side. Basically nothing can prevent you from doing that, you can generate your complete page on web server and just show it in PhoneGap app, it would still be a hybrid app. But, if you try to put this app in Apple store you will get yourself rejected.
What is the secure way to communication with the server ?
Security of course depends on server side technology. Every framework has its own kind of security handling, but all of them relay on HTTPS so you should not worry too much.
From the client side you can always encrypt JSON/XML data and send them using POST.
Examples:
If you want to use jQuery Mobile then take a look at this tutorial. It will show you basics of client - server side communication.
Since you are new to mobile application, ill try to give short answers
1) What kind of server needed for mobile applications ? A cloud or a regular web server is enough ?
A regular web server is good.
2) What are the ways to connect the app with the server ?
via web-services
3) What is the secure way to communication with the server ?
Use HTTPS webservices (SOAP, REST), HTTPS secures the transmission.
Above is a basic explanation for your quick help, I would recommend you to go through the documentation, and review some sample codes
This will really help you Sample
Please go through this link it will surely help you
http://www.androidhive.info/2012/01/android-login-and-registration-with-php-mysql-and-sqlite/
Webserver,cloud anything is good for restful service
for security purpose you can use POST parameter to send and recieve data or if you want more security then you can encrypt and decrypt data through secure algorithm
I am building a webapp that cannot be put into the app store (security reasons). The webapp needs access to more data than can be held in localStorage or other offline-storage means (let's say up to 1GB of data).
My idea of a solution is to code up an HTTP server for Android and iOS, and then get/post data with AJAX so I can have access to the device's internal storage.
My question is,
Can this be done on iOS and Android?
By 'Can', I mean both technically (is there API access to the required components, and can it be always running in the background) and legally (is it consistent with the terms of service of both the App Store and Android Marketplace).
I don't know much about either platform and the capabilities, but I could figure it out if I was confident that it is possible.
The reason for this is so that large amounts of data can be made available all the time to a webapp, regardless of the presence of wifi or a cell-tower.
Yes
Android examples: How to create a HTTP server in Android?.
iOS examples: iPhone HTTP Server.
For a full app that uses an http server, check out Websharing on Android.