Connecting to Oracle from iOS App

Question

I know this has been asked a few times, but there seems to be no clear answer ... am searching on this for the past 3 days or more.

There seem to be 2 ways to connect to an Oracle database from an iOS App :

1. ODBC Client I need to compile ODBC (which ODBC?) using gcj for ARM. I think this is the hard way, wrought with errors, but possible with quite an effort.

2. USING WEB SERVICE Connect from App to webservice and from web service to Oracle DB.

Are these the 2 methods available or any other?

Few questions on the two methods: a. Which is more secure? b. Will my company's security department oppose to any of the above? c. Which is more performant? d. Which of the above does one normally use?

Answer 1

It's not a good idea to connect to your database directly from your app. It can be secure if you create an account that can do nothing but SELECT, but there are some other things to consider.

Why burden the app with the Oracle client?

If you have many users you have to worry about Oracle handling a huge number of simultaneous connections. With a Restful API requests are stateless.

If you decide to change your schema. You'll also have to change your app. When you place a service in between, the app is no longer dependent on the schema.

Answer 2

ODBC connection will require that the Oracle port is open to the Internet, which in vast majority of cases will not be allowed for security and performance reasons. Even if it were, or even if you establish a secure VPN, a direct database access requires that the connection is kept open, which can be problematic when a mobile device can go in and out of the network coverage.

HTTP is far more tolerant to unreliable networks and can be encrypted using SSL (HTTPS). The problem with HTTP is that database do not have direct support for this transport so most people develop dedicated web services.

I work on a project called SlashDB, which automatically constructs RESTful APIs out of databases. For public APIs you would install /db in so called DMZ (a network segment between two firewalls) as described in this blog post.

SlashDB can be configured to allow restricted data access to public users or you can define specific users with varying privileges to data. It is designed as stateless service, which means that you can easily set up multiple nodes behind a load balancer and reverse HTTP proxy for high availability web scale deployments.

Regardless whether you develop the web service by hand or use our product you will achieve better scalablity, performance and security for your solution than by using direct client/server approach. I would even argue that REST APIs should be used internal enterprise data integration solutions but that's a whole new topic.

Answer 3

Webservices are the answer, you do not want people connecting directly to the database from a mobile device. A Webserver will add one extra layer of security as well as the ability to handle simultaneous request without stressing the database directly

a. Which is more secure? Webservices as explained above

b. Will my company's security department oppose to any of the above? Yes, security department will insist not to open the oracle port to connect directly, unless they have it already open.

c. Which is more performant? Webservices, setting up the right cache policies in a webserver can save resources to the database.

d. Which of the above does one normally use? Webservices, because they offer you great advantages in security and performance, not only that, webservices are reusable and can be accessed by many different platforms, think on the future you might want to serve your application later on Android devices and Webservices will save you a lot of development time.

Many of today's top applications in the market use webservices, think about it.

Google Maps is a great example of how powerful webservices are!