Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 1 year ago.
Improve this question
I need to store a companys product data (id, prices, color etc) for about 100 products and retrieve it from both an Android app and an IOS app. The apps will be used in 10 different countries with separate languages and pricing. About 10 000 to 50 000 users/month is expected. This is not an e-commerce or online shopping app but it should display prices to users. No customer data or order data is required for now.
The company employees should be able to update product prices (and perhaps other product info) easily, i.e. some ok interface or by replacing/uploading csv files. The company employees will not be able to add new products after app launch.
Restricted access handling (read or RW permissions) is needed for security.
Could Firebase Cloud Firestore be a good solution for this?
Or is it realistic to have a set of cloud hosted csv files, say one file (~11kb) for each language?
I would prefer to avoid setting up my own database, security, API and managing frontend.
Any guidance will be greatly appreciated!
If you check out the firestore free tier you will notice that it is 50 000 reads per day. When you say up to 50 000 user per month you probably don't mean that they will be all at the same day on the app and every day. If you write your code clean and efficient you could manage to stay in the free tier.
Regarding the security you could mark some users as admins or use a role based system to ensure that only they can change the data. As I understood all other users are not authenticated but can ready data. For that I would recommend to use AppCheck. It ensures that only your Apps can access the data.
For the translations if you mean translations for each prouct name you can store the with the product document itself to reduce the amount of reads or in a subcollection of the product. Depending on your use case and need.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 1 year ago.
Improve this question
I'm sorry since I'm new to this.. I'm currently working on my startup which basically like food delivery system and I used Flutter for my app. I learned Flutter using Firebase as a backend. However, there are many sources that recommend use MongoDB as a backend database which I have zero knowledge about it. But I think that MongoDB just only offer for database crud operation. So I think for the database crud operation my app should use MongoDB. However, I think MongoDB is quite complicated when it involves authentication. So, which is better approach for me? should I use Firebase for authentication and MongoDB as the database or is it better to use only one platform for the backend whether its a Firebase or MongoDB? If I mix these two, does it will affect the pricing? Is there any ways that can make me clear which to choose.
MongoDB is an open source NoSQL database management program, which is quite useful for working with large sets of distributed data. It is mostly useful for big data applications and other processing jobs involving data that doesn't fit well in a rigid relational model.
It is an absolutely right approach to use Firebase Auth for just login or signup and the rest on MongoDB. There are 2 ways you can implement the Firebase Auth:
1. Using the SDK provided by Firebase
2. Using the Admin Auth API
You may select any of the above two approaches to save your UID on your custom Backend which might be MongoDB.
Contrarily, Firebase can also be used as backend. It provides the back-end server, a great database and analytics solution, and useful integrations with other Google products. Its free to use, affordable subscription options, wisely designed backend solution guarantees project scalability and data security makes it a great choice for backend.
However, for the vast majority of apps and use-cases, Firebase is an excellent choice. You can start with its free tier and don’t need to worry about maintenance or scalability. It’s great for small to medium developers as it allows them to lower initial costs while focusing on providing the best user experience.
When working on a heavy real-time app like chat, or some other highly collaborative experience, Firebase is still an option, though it might be a bit pricey.
However, the recommendation is always to consider your budget, the required feature set, and how much maintenance you’re willing to do on your own before making a decision.
You might also refer to this documentation, which will guide you with the pros and cons of choosing Firebase as backend.
Flutter: can I mix Firebase Auth with Mongodb Databases?
Check this similar post. If you still have doubts, feel free to ask.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 4 years ago.
Improve this question
First of all, I spent some time thinking whether this question belongs to SO, so if you think it is more appropriate for some other Stack Exchange site, please feel free to recommend or migrate.
I am writing a REST application which will be able to register new users and allow the existing users to interact with each other (you can imagine a forum or a minimalistic social network, for example).
At the moment, I have a simple app setup with database schema, spring-JPA and spring-data-rest exposing all the repositories.
However, all users are now able to access all the resources from the server. I would like a user to see only his own entities: for example by going to /api/user/messages.
I am also going to use some security in the application, probably OAuth2, so I need it to be compatible.
I have read some articles and SO questions concerning this topic and decided that multi-tenancy might be a solution to my problem. Usually though, these articles work with separate databases for each client and smaller number of clients in total so I am curious whether it is actually meant to be used for a huge number of users in the system. I expect all the users to share the database with their records and use the same schema.
Is there some tutorial for this topic concerning spring boot and shared database-schema? Or is there some better approach how to solve this problem? I would be glad for any tips!
EDIT: As pointed out in the comments, using multi-tenancy might be an overkill for this task, since I only need to separate the users on entity level. I would be glad for any hint how to do that in Spring boot and JPA since I have found no tutorials concerning this topic.
There aren't many explanations on how to achieve what you've described even though it would seem to be a common problem. Hopefully the Spring team will address this very common use case. The following is what I've seen as two possible solutions, the second of which is what I use.
Complex Solution:
Spring Security ACL
Simple Solution:
#Query Method Security Expressions
Example:
#Query("select m from Message m where m.user like ?#{hasRole('ADMIN') ? '%' : authentication.name}")
#Query methods are typically used to define more complex queries than can't easily be written in the method-name query creation that is a standard mechanism of Spring Data.
You can add Security logic within a #Query method that can return different results based on who the User is.
The above example will return all Messages if the User has a Role of ADMIN, but if not it will return only their own Messages. This has the added benefit of Query optimization. You could select all the records and then programmatically filter out those that the User doesn't have access to, but for large queries this becomes a bottleneck. This will adjust the query at runtime based on who is requesting the data. I've found it to be the best way to achieve the desired behavior without implementing a full ACL.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I'm a newbie when it comes to security. I've read posts that mentioned that encryption alone doesn't make an app,website or database secure.
I'm also new to certificates and stuff. I've barely touched these things but I'm gonna create a website that connects to my local testing database for the purpose of testing the security and as temporary playground.
It's basically like UBER. I want to prevent the server/database from being accessed and to prevent data from being stolen, what kind of security system do I actually need for this type of website or service?
PS: Currently I'm using Bitnami WAPP stack. I use Apache/PHP combined with PostgreSQL.
Only store credit card details in your server when you can't rely on a third party. A safe way is having credit card details stored encrypted using public key cryptography using your password-protected private key, so you can reveal the credit card details on your personal machine (e.g. via javascript libraries on your web-based application) by holding the private key file and entering the password. That way the credit card details are never stored anywhere, and only visible by you and anyone you authorise by giving your private key file and password.
Using third parties like Braintree or Stripe is a highly recommended idea. Let their big teams of security experts deal with the security side of things. That way, even you and your employees can't see customers' credit card details (only the last 4 digits), but you can still charge them via the third party. Customers appreciate knowing there info is safe.
I'd rather give my card details to PayPal and let 100 companies use PayPal to charge me, instead of giving my card details to 100 companies.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 6 years ago.
Improve this question
I am trying to decide between two development firms. One wants to go with Parse while the other wants to build a backend. I would like to get feedback and reasons why building a backend or using a BaaS such as Parse, Stackmob is better in terms of scalability and performance.
For example let's use SnapChat a highly used app that handles millions of users and data requests. What would happen if a newly created app were to experience a large increase in users and data request. Would the backend be able to handle this? Would I be looking to have it fixed shortly after the increase in users?
Something like Parse.com gives you a lot of value for very little capital investment. With BaaS, all of the gory details of infrastructure management are hidden. Deployment, system capacity issues, system availability, system security, database administration and a myriad of other task simply go away when using a good BaaS. Parse.com for instance, uses Amazon Web Services and elastic load balancing to dynamically add more capacity to the system as usage increases. This is the nirvana of capacity management.
Parse.com is a special kind of BaaS. Parse.com's intended purpose is to be a light-weight back-end back-end for mobile apps. I believe Parse.com is a very good mobile backend-as-a-service (MBaaS - link to a Forrester article on the subject).
That said, there are times when Parse.com is not the right solution. Estimate the number of users for the application and the number of HTTP requests and average user would send in a day. Parse.com charges by the number of transactions. The Pro Plan has these limits:
15 million HTTP requests per month
Burst limit of 40 requests per second
Many small transactions can result in a higher cost to the app owner. For example, if there are 4,500 users, each sending 125 HTTP requests to Parse.com per day, then you are already looking at 16,850,000 requests every 30 days. Parse.com also offers a higher level of service called Parse Enterprise. Details about this plan are not published.
The services provided by a BaaS/MBaaS save much time and energy on the part of the application developer, but impose some constraints. For example, the response time of Parse.com might be too slow for your needs. Unless you upgrade to their Enterprise plan, you have no control over response times. You currently have no control over where your app is hosted (Parse apps are presently run out of Amazon's data centers in Virginia, I believe).
The BaaS providers I have looked at do not provide quality-of-service metrics. Even if they did, there is no community agreement on what metrics would be meaningful. You just get what you get and hope it is good enough for your needs.
An application is a good candidate for an MBaaS if :
It is simple or the application logic can run entirely on the client (phone, tablet...)
It is impossible to estimate the number of users or the number of users could be huge.
You don't want a big upfront capital investment.
You don't want to hire infrastructure specialists to handle capacity/security/data/recovery/network engineering.
Your application does not have strict response time requirements.
Parse's best use case is the iPhone developer who wrote a game and needs to store the user's high scores, but knows nothing about servers. That said, complex application like Hipmunk are using Parse. Have a look at Parse.com's portfolio of case studies. Can you imagine your application in that portfolio or is it very different from those apps?
Even if a BaaS is not the right solution, a PaaS or IaaS might be. Look at Rackspace and AWS. In this day and age, buying hardware and running a data center is tough to justify.
BaaS providers like apiomat or parse have to handle the requests of thousands of apps. Every app can have lots of users there. The providers are forced to make the system absolutely secure and scalable because if there are any issues about one of those points it will be the end of their business... Building scalable secure backends on your own is not as easy a you would expect. Those companys mentioned above have invested some man-years in that.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
I wanna use mobile analytics inside my iPhone app, i have read about both they are similar to each other but some persons say that Localytics is better and others say the GoogleAnalytics is better, advice is highly appreciated.
I am currently using Localytics inside my app , it is good analytics but it has disadvantage compared to google analytics which is you can track limited events per user and if you tried to register more than that number they will remove all your events attributes, so that i will remove my localytis account and start using google analytics because it does not use such limiting , because of the importance of the events and there attributes i will leave localytics and go google analytics , All other analytics things the same
The biggest difference between Localytics and Google Analytics is that Localytics is designed for apps, not websites. Localytics collects a richer data set by default and allows you to create any number of events with any number of attributes (GA limits you to just one). SDKs are available for all leading platforms, are very lightweight and provided in source code.
Localytics has both free and paid versions. The free version, called Community, does have some limits on event occurrences, collecting personal data and data cardinality, but very few customers hit those limits. And unlike Google, Localytics doesn't sample your app usage. Additionally, Localytics Enterprise customers have access to session-level data for integration with other systems.
Much more info is available on our website, including technical docs (http://localytics.com/docs). If you don't find what you need there or you have more questions, please ping me and I would be happy to help.
Just for anyone reading this as of 2015 - Google Analytics allows up to 50 custom dimensions with your events and each event contains three hierarchical fields by default, plus a value field. Google analytics doesn't "Sample App Usage", unless you hit extraordinarily high limits, but does have reporting limits, beyond which the reports will be based on a sample of the data collected. With Google Analytics Premium you can get the unsampled data also. GA also supports tracking users between a website and native apps using a unique member token.