Fredrik

Reputation: 635

Database password protection mobile apps iPhone/Android

I'm new to the whole mobile app development scene regarding database connection on an external server.

How does it work exactly regarding storing user and password data and execution? One parallel mindset I have is how dynamic web languages like PHP/ASP work, where the file containing the database username and password is stored and executed on the web server.

Is it the same for apps? Does somebody have a link to an article about this? Preferably how this works for both iPhone and Android.

Greetings

Upvotes: 3

Views: 351

Answers (1)

Nick Bull

Reputation: 4276

I would use something like restful webservices for this.

Your web server will have (for example) php on it, then your app will make a request to that server (just like requesting a web page). That will then access the database and read and write from/to the database. Your database username and password would be secured on your server in the php code.

If you have individual usernames and passwords, then you will need to have some way for them to "log in" to your server. For this you might have a webservice that takes the username and password, validates them and then returns a token. This token is stored on your device and is then included in every request you make to your server and is then validated at each request.

Example... http://myserver.com/login.php - your app requests this and sends the username and password in the post request. login.php would take the username and password from the passed-in parameters and compare them against your username/password database. If validated, the php would then return a token which will then be returned to your calling app.

http://myserver.com/getData.php - your app requests this and sends any parameters required for the query and also sends the token.

On the server, the php code would take the token passed in and check that it is still valid and if so, it then runs the query on the database with the parameters supplied, using a connection that is only within your php code and returns the data which your app then displays.

This would work for any device, and would also be usable with a desktop client if you wanted to write that in the future also.

Things you might want to research:

- PHP (or ASP.net or whatever you feel comfortable with)
- JSON (for transferring data to/from the server)
- SQL Injection and security techniques
- RESTful Webservices (MUCH easier than SOAP)

Upvotes: 1
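
The login-then-token flow described in the answer above, as an added example that is not code from the answer: Python with an in-memory SQLite database stands in for the PHP server, so the database connection exists only in server-side code. The table names, function names, one-hour token lifetime and sample users are assumptions made for illustration.

```python
import hashlib, hmac, os, secrets, sqlite3, time

TOKEN_TTL = 3600  # seconds a token stays valid (assumed value)

# The database connection lives only on the server; the app never sees it.
db = sqlite3.connect(":memory:")
db.executescript("""
CREATE TABLE users(name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB);
CREATE TABLE tokens(token_hash TEXT PRIMARY KEY, user TEXT, expires REAL);
CREATE TABLE notes(owner TEXT, title TEXT);
""")

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def add_user(name, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?,?,?)", (name, salt, _pw_hash(password, salt)))

def login(name, password, now=None):
    """Role of login.php: check the credentials, return a token or None."""
    now = time.time() if now is None else now
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name=?", (name,)).fetchone()
    if row is None or not hmac.compare_digest(row[1], _pw_hash(password, row[0])):
        return None
    token = secrets.token_urlsafe(32)
    # Store only a hash, so a leaked tokens table cannot be replayed.
    db.execute("INSERT INTO tokens VALUES (?,?,?)",
               (hashlib.sha256(token.encode()).hexdigest(), name, now + TOKEN_TTL))
    return token

def get_data(token, title_prefix, now=None):
    """Role of getData.php: validate the token, then run a bound query."""
    now = time.time() if now is None else now
    row = db.execute("SELECT user, expires FROM tokens WHERE token_hash=?",
                     (hashlib.sha256(token.encode()).hexdigest(),)).fetchone()
    if row is None or row[1] < now:
        return None  # unknown or expired token: the app must log in again
    # Parameters are bound, never concatenated, so input cannot alter the SQL.
    rows = db.execute("SELECT title FROM notes WHERE owner=? AND title LIKE ? ORDER BY title",
                      (row[0], title_prefix + "%")).fetchall()
    return [r[0] for r in rows]

# Constructed sample data
add_user("alice", "correct horse")
add_user("bob", "hunter2")
db.executemany("INSERT INTO notes VALUES (?,?)",
               [("alice", "todo"), ("alice", "travel"), ("bob", "todo")])
```

The app only ever holds the token returned by `login`; the data it gets back is scoped to the user the server associated with that token, not to anything the app claims about itself.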
