(sorry for reposting this question, for some reason I can't log in to the other account)
Is RESTlet the best choice for performing the following server/client architecture?
1- we have a server containing a database and an ftp server (within a network of 20 clients)
2- the various users on the network can create user accounts (there exists different access permissions)
3- users should be able to:
(a) retrieve data from the database or files from the ftp server
(b) store data in the database or upload files to the ftp server
This is not a web application that requires a UI, the thing is that multiple programs (with UI) will be developed on the clients computers and these programs should interact with the API in order to do points (a) and (b) as accessing the data on the server and displaying them on the UI of these programs.
I made a research so far, but would like to get more expert opinion from you. Thank you in advance
As far as I can see, this is perfectly doable with Restlet. Actually, you can use any technology to implement your web API resources: databases, files, FTP sites, pure logic, etc.
Related
I know this has been asked a few times, but there seems to be no clear answer ... am searching on this for the past 3 days or more.
There seem to be 2 ways to connect to an Oracle database from an iOS App :
ODBC Client
I need to compile ODBC (which ODBC?) using gcj for ARM. I think this is the hard way, wrought with errors, but possible with quite an effort.
USING WEB SERVICE
Connect from App to webservice and from web service to Oracle DB.
Are these the 2 methods available or any other?
Few questions on the two methods:
a. Which is more secure?
b. Will my company's security department oppose to any of the above?
c. Which is more performant?
d. Which of the above does one normally use?
Webservices are the answer, you do not want people connecting directly to the database from a mobile device. A Webserver will add one extra layer of security as well as the ability to handle simultaneous request without stressing the database directly
a. Which is more secure?
Webservices as explained above
b. Will my company's security department oppose to any of the above?
Yes, security department will insist not to open the oracle port to connect directly, unless they have it already open.
c. Which is more performant?
Webservices, setting up the right cache policies in a webserver can save resources to the database.
d. Which of the above does one normally use?
Webservices, because they offer you great advantages in security and performance, not only that, webservices are reusable and can be accessed by many different platforms, think on the future you might want to serve your application later on Android devices and Webservices will save you a lot of development time.
Many of today's top applications in the market use webservices, think about it.
Google Maps is a great example of how powerful webservices are!
It's not a good idea to connect to your database directly from your app. It can be secure if you create an account that can do nothing but SELECT, but there are some other things to consider.
Why burden the app with the Oracle client?
If you have many users you have to worry about Oracle handling a huge number of simultaneous connections. With a Restful API requests are stateless.
If you decide to change your schema. You'll also have to change your app. When you place a service in between, the app is no longer dependent on the schema.
ODBC connection will require that the Oracle port is open to the Internet, which in vast majority of cases will not be allowed for security and performance reasons. Even if it were, or even if you establish a secure VPN, a direct database access requires that the connection is kept open, which can be problematic when a mobile device can go in and out of the network coverage.
HTTP is far more tolerant to unreliable networks and can be encrypted using SSL (HTTPS). The problem with HTTP is that database do not have direct support for this transport so most people develop dedicated web services.
I work on a project called SlashDB, which automatically constructs RESTful APIs out of databases. For public APIs you would install /db in so called DMZ (a network segment between two firewalls) as described in this blog post.
SlashDB can be configured to allow restricted data access to public users or you can define specific users with varying privileges to data. It is designed as stateless service, which means that you can easily set up multiple nodes behind a load balancer and reverse HTTP proxy for high availability web scale deployments.
Regardless whether you develop the web service by hand or use our product you will achieve better scalablity, performance and security for your solution than by using direct client/server approach. I would even argue that REST APIs should be used internal enterprise data integration solutions but that's a whole new topic.
I am going to repeat what everyone else said, Rest API is the way to go. Do not connect to the database directly. However, there might be a way to connect to your database which I never tried my self.
http://odbcrouter.com/iosvsweb#hn_iOS_Open_Database_Connectivity_SDK
i am working on a ipad app, i need to write some data to a remote online database , can i do this with out using web service,,, i need some advice,,,
thanx in advance
Technically this is possible, there are remote database drivers for the iPhone platform, for example Flipper.
However, I'd strongly recommend use some kind of "Service" to do your database access. This could be a full SOAP/HTTP WebService, a RESTful Service, or even just a little bit of php that you invoke over http or https. Don't be concerned that developing this "Service" will be lots of work, it need take no more than an hour or two. In fact with a product such as Worklight it took me literally 15 minutes using the Worklight SQL adapter. (Disclaimer I work for IBM, we recently acquired Worklight.)
There are several reasons to prefer using an intermediary service rather than direct access to the DB from the client. Here's a couple:
Scalability. Each user's connection to the DB consumes server side resources, if your app is widely used then you could end up with many tens of thousands of simultaneous connections. The service approach uses Web-facing connections to the phone, using (for example) web containers designed for high numbers of concurrent sessions, and then funnels down to a few database connections. Even very busy web sites tend to use (and reuse) only a small number (a few 10s) of database connections.
Security. It is strongly recommended to avoid making databases directly accessible to the internet. It's a big topic, but if the database contains any kind of valuable data then a pattern of fronting the database by a service greatly reduces vulnerability.
I recommend using the service Parse. Their service is built specifically to solve the iOS/Android backend problem. I just wrote a blog post about them: Parse, The Best Backend for iPhone SDK.
Okay, so I'm currently developing an iphone app that I plan to take into production and scale. I'm a bit lost on the whole subject.
What is better to use: core data or sqlite? (as the local DB)
Also, can sqlite be used exclusively to communicate with my remote server as well? At first I thought it could but I've been reading that sqlite isn't great to use on servers that get a massive amount of hits.
I've read that oracle, mysql, or mssql may be better to use on a remote server and that I can communicate with these servers via REST or SOAP.
I plan to be able to both read and write to a remote server. The files transferred will mostly be small data objects and pictures. Speed is of the essence, so I'd like to know which options are my fastest routes. Of course, I want the option to scale and not have performance take too much of a hit as well.
On the subject of Core Data vs sqlite see this question.
SQLite is a small and lite embedded SQL database engine. It's not meant to used in server environments. In general, it's not a good idea to communicate directly over the Internet. It's more common to have some sort of process logic between the client code and the database to do a range of things like validate input, process business logic, security, etc. You can implement this sort of layer in REST, SOAP, or whatever you like. Since your clients will be mobile devices, a http based web service (like REST or SOAP) is a good idea as all mobility platforms have inbuilt API support for http messaging. There are lots and lots of options on the server depending on what type of server you want to setup and run with.
If your new to this, maybe you should read something like 'Patterns of Enterprise Application Architecture' by Martin Fowler to get a idea of what sort of design patterns people use to implement the server side layering.
We're currently using the SSO component of Oracle 10g App Server to authenticate users on our external / internet facing client "portal" (think similar to online banking)
SSO uses Oracle Internet Directory to store it's data, and we've been able to use PL/SQL and Java to access and modify the data held in OID (e.g create/drop users, change/verify passwords etc)
With the advent of 11g, Oracle appears to have "orphaned" SSO… it is available, but only as an add-on, and it appears to have been superseded by Oracle Access Manager. I'm guessing that it will have been dropped together by 12g. Plus it looks pretty difficult to install and get running correctly.
So, I'm wondering if anyone has any experience of having had the same migration problem as us? If so, what did you do?
Alternatively, does anyone have any experience of doing something similar using Oracle Access Manager? Do you think it will do what we want?
Or is there a better road to go down? Is there something else I should be considering?
Sorry for the very broad question, but it's one of those situations where a person's experience of what does + doesn’t work can make an enormous difference to us making some progress in a timely fashion. Thanks.
From my knowledge, Oracle Internet Directory (OID) is an LDAP compliant directory whereas Oracle Access Manager (OAM) is much more complex and consists of two main systems:
Identity System (users, groups,
workflows)
Access System (single/multi domain
SSO solution for Web and non-Web
based applications).
Access Manager relies on an Identity Server which is a stand-alone server process that communicates with any Directory Server (AD, OID, Sun Directory server..).
So you can use the new OAM and link it with your existing OID... to retrieve users/groups and metadata. All that you could do with OID will be doable with OAM as it brings more abstraction layers.
But in my opinion, and considering your case, directly accessing LDAP servers (OID, AD, etc) and using a light and "home made" SSO system is cheaper than relying on those big systems.... I think OAM is a usefull solution when you have lots of heterogeneous applications (web, non web, mobile, ...) and/or multiple organizations/domains with links and/or you need a very scalable approach.
I'm in the middle of working on my first native application with networking and I have a question regarding the best way for interacting with remote storage. In a perfect world I'd like to do the following.
Prompt the user for login information from the iPhone.
Verify the users credentials and connect to a MYSQL database hosted by myself.
Parse MYSQL data into a table view.
Allow the user to add or update information in the database.
I've read some similar questions posted, maybe something's lost in translation, but the two most common means I've come across are.
Create a web service for handling these requests using SOAP/REST/JSON (no experience doing this, but would like to learn if it's a better implementation)
Write PHP scripts (enough experience to get by) that will grab data username/password/requests securely from my NSURLRequest and echo the NSData as XML and parse it with an NSXMLParser.
Are there other options? Is one a better implementation over the other? (web services come up more in searches)
Thank you in advance for taking the time to read my question and possibly clearing up any confusion.
Whoa! Web Services! Oh wait, calling a PHP script that returns JSON is actually also a web service. Well, that makes things simpler :-)
Yeah, so I would go for this:
Write a PHP script that returns JSON data (many tutorials available)
Protect the PHP script by setting up 'Basic access authentication' (Apache documentation)
Tell Apache to take the user database from your mysql database
Run your service on secure (HTTPS) web server (important because basic auth is not secure)
This way you can use almost all standard components on the iPhone side. NSURLConnection will talk HTTP(S) and there are excellent open source JSON parsers for Objective-C.