We Keep Coding

what is exactly firebase and is it best choice for authentication in flutter? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 years ago.
Improve this question
I would like to know what is exactly firebase. When i want to create authentication for my app i see on google firebase is often used on flutter for do it but it is not clear what is it exactly. I have a MySQL/php api from the server side and i need to find a way for save on mobile phone an user id when the user create an account, what is the best solution for do that with security. I have seen too, there is people who uses shared preference but security is low i think

Firebase is a whole set of applications and services that acts as a link to Google Cloud, which provides these services. Here's their website.
Firebase is a toolset that (according to them) allows you to “build, improve, and grow your app”, and they give you the tools that cover a large portion of the services that developers would normally have to build themselves. This includes things like analytics, authentication, databases, configuration, file storage, push messaging, etc.
This is different than traditional app development, which typically involves writing both frontend and backend software. The frontend code just invokes API endpoints exposed by the backend, and the backend code actually does the work. With firebase, your app accesses those services directly (or, allows you to write APIs to handle that, if needed)
These are the firebase functions that (arguably) are the most commonly used amongst developers.
Authentication — SECURE user login and identity, with applicable
rules
Realtime Database — realtime, cloud hosted, NoSQL database (older
version)
Cloud Firestore — realtime, cloud hosted, NoSQL database (but with
better queries)
Cloud Storage — massively scalable file storage
Cloud Functions — “serverless”, event driven backend (this is where
you'd write your
APIs)
Firebase Hosting — global web hosting (this is GREAT for flutter
because you can upload your designs immediately without paying for
it.)
ML Kit — SDK for common ML tasks
Here are all their services... but I haven't used most of them.
Finally, the great thing about firebase is that all their functionality is free, and you only start paying when the traffic starts growing.
Is it the best choice for authentication? Without. a. doubt. Not only is it secure, it provides a wide range of side services like "login with your google/facebook/whatever account" and "Forgot your password" retrievals. But it also allows for full token authentication, and access rules.
Sources:
https://firebase.google.com/
https://medium.com/firebase-developers/what-is-firebase-the-complete-story-abridged-bcc730c5f2c0
https://howtofirebase.com/what-is-firebase-fcb8614ba442

as u have api already then what u can definitely use firebase for verifying the phone number of user & then continue him to register that way u can get verified phone number of user.
u dont have to save phone number of user u can get it using
await FirebaseAuth.instance.currentUser().phoneNumber
what shared preference is used for is to store basic info about user like phone number, username, isLogin etc. but if u care about security which i dont think u need to worry about u can use another package like hive which uses AES 256 CBC with PKCS7 padding encryption.

Is it safe to use Firestore and its features via client only? [duplicate]

This question already has an answer here:
Why is it okay to allow writes into Firebase from the client side?
(1 answer)
Closed 3 years ago.
If I use the prod environment variables in my App and set the server side rules for Firestore, would my app be completely secure to perform CRUD and authentication? I am asking this because I have been seeing Angular tutorials by pretty famous YouTube content creators (Fireship) and they do not touch server side code and still show how to make a production applications. All the tutorials use only Angular and some libraries to produce the apps and features but then the console on Google says not to expose the API keys. Using only client side Angular even in production environment variables exposes the private keys right?
So in short, should I be using Node to CRUD and Auth with Firestore, or server-side rules on the console works safe?

The configuration that you use on the client to get it to communicate directly with Firebase services is does not include a private API key. Much has been said about this in various forums over the past few years. The thing you see that might be labeled an API key is actually public information. It helps the client library locate the project it's working against. The API keys you want to hide are those that exposed direct access to other billed services, including Google Cloud service accounts.
You limit access to Firebase backend services (Cloud Firestore, Realtime Database, Cloud Storage) using security rules to determine what a user can or can not do with the data stored in it. If you don't do this correctly, you could have problems.
Whether or not you want to let the client access the services directly or make the client go through some middleware you write should be decided by other reasons, as discussed in this article.

Connecting to Oracle from iOS App

I know this has been asked a few times, but there seems to be no clear answer ... am searching on this for the past 3 days or more.
There seem to be 2 ways to connect to an Oracle database from an iOS App :
ODBC Client
I need to compile ODBC (which ODBC?) using gcj for ARM. I think this is the hard way, wrought with errors, but possible with quite an effort.
USING WEB SERVICE
Connect from App to webservice and from web service to Oracle DB.
Are these the 2 methods available or any other?
Few questions on the two methods:
a. Which is more secure?
b. Will my company's security department oppose to any of the above?
c. Which is more performant?
d. Which of the above does one normally use?

Webservices are the answer, you do not want people connecting directly to the database from a mobile device. A Webserver will add one extra layer of security as well as the ability to handle simultaneous request without stressing the database directly
a. Which is more secure?
Webservices as explained above
b. Will my company's security department oppose to any of the above?
Yes, security department will insist not to open the oracle port to connect directly, unless they have it already open.
c. Which is more performant?
Webservices, setting up the right cache policies in a webserver can save resources to the database.
d. Which of the above does one normally use?
Webservices, because they offer you great advantages in security and performance, not only that, webservices are reusable and can be accessed by many different platforms, think on the future you might want to serve your application later on Android devices and Webservices will save you a lot of development time.
Many of today's top applications in the market use webservices, think about it.
Google Maps is a great example of how powerful webservices are!

It's not a good idea to connect to your database directly from your app. It can be secure if you create an account that can do nothing but SELECT, but there are some other things to consider.
Why burden the app with the Oracle client?
If you have many users you have to worry about Oracle handling a huge number of simultaneous connections. With a Restful API requests are stateless.
If you decide to change your schema. You'll also have to change your app. When you place a service in between, the app is no longer dependent on the schema.

ODBC connection will require that the Oracle port is open to the Internet, which in vast majority of cases will not be allowed for security and performance reasons. Even if it were, or even if you establish a secure VPN, a direct database access requires that the connection is kept open, which can be problematic when a mobile device can go in and out of the network coverage.
HTTP is far more tolerant to unreliable networks and can be encrypted using SSL (HTTPS). The problem with HTTP is that database do not have direct support for this transport so most people develop dedicated web services.
I work on a project called SlashDB, which automatically constructs RESTful APIs out of databases. For public APIs you would install /db in so called DMZ (a network segment between two firewalls) as described in this blog post.
SlashDB can be configured to allow restricted data access to public users or you can define specific users with varying privileges to data. It is designed as stateless service, which means that you can easily set up multiple nodes behind a load balancer and reverse HTTP proxy for high availability web scale deployments.
Regardless whether you develop the web service by hand or use our product you will achieve better scalablity, performance and security for your solution than by using direct client/server approach. I would even argue that REST APIs should be used internal enterprise data integration solutions but that's a whole new topic.

I am going to repeat what everyone else said, Rest API is the way to go. Do not connect to the database directly. However, there might be a way to connect to your database which I never tried my self.
http://odbcrouter.com/iosvsweb#hn_iOS_Open_Database_Connectivity_SDK

Amazon web services issue. Should I pay for the web services? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I'm new in iOS development, and I faced an issue with amazon.
I wanna gain information about amazon products with amazon web servises. I wanna enter the keyword and get information about proper products.
I looked at http://aws.amazon.com/mobile/ and saw that I should register. During the registration Amazon asked me about my Visa card information and then tried to withdraw 1 dollar.
The questions are:
Should I pay for amazon web services
Is it compulsory to register or I can just download Amazon sdk from http://aws.amazon.com/sdkforios/
Can you give some Amazon sdk code examples?

AWS is paid service. So, it's not a matter whether you should or not pay for using AWS. You MUST pay for the capacity you have used.
The pricing differs between the various services and is typically listed in http://aws.amazon.com/<service name>/pricing/. Here are couple of examples - EC2, S3.
Note that for some of the services there is a free tier for about a year, as long as you stay under certain amount of usage. So, while you WILL get a bill every month, that bill might be for $0.
More about the AWS Free Usage Tier.
You can download the client SDKs freely and write code against it. However, to actually run it against AWS, you will need AWS Access Key ID and Secret Access Key, so that AWS servers can authenticate the requests from your application (and incidentally also bil you properly for your usage).
You should start with the Getting Started with the AWS SDK for iOS and the AWS SDK for iOS FAQs. The SDK also contains bunch of sample apps into the <SDK install folder>/samples folder.
Update:
Ah, you want to search the Amazon catalog? That's different from AWS. AWS is intended to provide you access to computing resources (storage, CPU, load balancing, and so on) for your own services. For your scenario you need to use the Amazon Affiliate Program Product Advertising API.
While that API does share credentials with AWS (it uses the AWS Access Key ID and Secret Key), it most likely is free (but double check to be sure), as amazon will be making money on any product your users buy.
Also, the Product Advertising API does not have client SDKs (as far as I know), so you will have to deal with making the HTTP requests yourself. The API supports both REST and SOAP, so you can choose your own poison. There's also bunch of samples for both server and client apps, in PHP, C#, Java, Node.js, Ruby, and so on.

AWS is great! Its totally worth the price. So you can download the AWS iOS SDK and integrate it into your project; however, before it will work you need to signup. I would give you some examples but I don't fully understand what you're asking. The AWS iOS SDK has tons of code samples in it. If you want, you can comment on this post what you want to use AWS for and then I can help you come up with the code to achieve it :) I hope you have fun with iOS Development, its great :)
Good Luck!

Are you maybe confusing Amazon web services with a request API? You said:
I want to enter the keywork "iphone" and get some iphone products on amazon with its description and price
That is what an amazon web API would do (from this question, I understand there is maybe no such thing for Amazon?). AWS is a cloud service where you can run your programs and pay according to the resources you use. Think of that as a web host.
All in all, AWS is not directly related to Amazon content, if I understood correctly this is not what you want.

Yes of course you have to pay.
You can download it without registration, but you have to register to use it.
There is Documentation in AWS SDK for iOS.

Strategies for "Always-Connected" Windows Client Data Architecture

Let me start by saying: this is my 1st post here, this is a bit lenghty, and I havent done Windows Forms development in years....with that in mind please excuse me if this isn't directly a programming question and please bear with me as I really need the help!!
I have been asked to develop a Windows Forms app for our company that talks to a central (local area network) Linux Server hosting a PostgreSQL database. The app is to allow users to authenticate themselves into the system and thereafter conduct the usual transactions with the PG database. Ordinarily, I would propose writing a webforms app against Mono, but the clients need to utilise local resources such as USB peripheral devices, so that is out of the question. While it might not seem clear, my questions are italised below:
Dilemma #1:
The application is meant to be always connected. How should I structure my DAL/BLL - Should this reside on the server or with the client?
Dilemma #2:
I have been reading up on Client Application Services (CAS), and it seems like a great fit for authentication, as everything is exposed via URIs. I know that a .NET Data Provider exists for PostgreSQL, but not too sure if CAS will all work on a Linux (Debian) server? Believe me, I would get my hands dirty and try myself, but I need to come up with a logical design first before resources are allocated to me for "trial purposes"!
Dilemma #3:
If the DAL/BLL is to reside on the server, is there any way I can create data services, and expose only these services to authenticated clients. There is a (security) requirement whereby a connection string with username and password to the database cannot be present on any client machines...even if security on the database side is quite rigid. I'm guessing that the only way for this to work would be to create the various CRUD data service methods that are exposed by an ASP.NET app, and have the WindowsForms make a request for data or persist data to the ASP.NET app (thru a URI) and have that return a resultset or value. Would I be correct in assuming this? Should I be looking into WCF Data Services? and will WCF work with a non-SQL Server database?
Thank you for taking the time out to read this, but know that I am desperately seeking any advice on this! THANKS A MILLION!!!!
EDIT:
I am considering also using NHibernate as my ORM

Some parts of your questions are complicated and beyond my expertise. However, in general you can do almost anything you put effort into, CAP theorem and the like aside.
DAL/BLL stuff in general can reside in any of the tiers. I put a lot of this in my database and some in the middle tier, however this is to allow re-use in different environments which may or may not be a goal for you. The thing is I would think through carefully the separation of concerns issues here and what sorts of centralization of logic you want to place. The further back, the more re-usable this becomes but this is not always a free tradeoff.
I am not entirely familiar with CAS but it looked like AJAX kinds of stuff from what I saw on the MSDN web site. That could be wrong, but if it is right, then you have an issue in that such requests may be stateless and this could be an issue if you need a constant connection.
On the whole based on what you are saying it sounds cleanest to do a two tier rather than a three tier app, and have the DAL/BLL sit on the client, possibly supported by stored procedures in the server. You can then set PostgreSQL up to authenticate against whatever you use on your network (KRB5 if AD is what I would recommend). This simplifies your data access, and it allows you to control permissions based on the authentication against the database. Since you can authenticate users based on AD, you can then set permissions accordingly.
One important consideration is going to be number of connections. PostgreSQL does have some places where every current connection must be checked and iterated through, and connection startup and tear-down overhead in some cases can be significant. So one important decision will involve connection pooling. Whether or not you use connection pooling to boost performance will depend on what you are doing but I have seen cases where PostgreSQL has handled 600 connections without serious problems.