I've searched the web for this bit to no avail - I Hope some one can point me in the right direction. I'm happy to look things up, but its knowing where to start.
I am creating an iPhone app which takes content updates from a webserver and will also push feedback there. Whilst the content is obviously available via the app, I don't want the source address to be discovered and published my some unhelpful person so that it all becomes freely available.
I'm therefore looking at placing it in a mySQL database and possibly writing some PHP routines to provide access to my http(s) requests. That's all pretty new to me but I can probably do it. However, I'm not sure where to start with the security question. Something simple and straightforward would be great. Also, any guidance on whether to stick with the XML parser I currently have or to switch to JSON would be much appreciated.
The content consists of straightforward data but also html and images.
Doing exactly what you want (prevent users from 'unauthorized' apps to get access to this data') is rather difficult because at the end of the day, any access codes and/or URLs will be stored in your app for someone to dig up and exploit.
If you can, consider authenticating against the USER not the App. So that even if there is a 3rd party app created that can access this data from where ever you store it, you can still disable it on a per-user basis.
Like everything in the field of Information Security, you have to consider the cost-benefit. You need to weigh-up the value of your data vs. the cost of your security both in terms of actual development cost and the cost of protecting it as well as the cost of inconveniencing users to the point that you can't sell your data at all.
Good luck!
Related
I'm creating an app which generates a random question from a list (currently stored as a Numbers doc). Once that question is answered by the user, the unique question ID, the question itself and their answer is stored in core data.
When the user requests a new question one will be generated randomly from the original document and it will then be cross referenced with core data to find out if the user has previous answered that question.
I haven't included the code of my app at the moment as I'm not really looking for specific coding help. As someone who is new to the world of code I'm just looking for a nudge in the right direction for me to go and do more studying.
JSON looks like a possible, but the more I read about that the more it seems that it is about an app communicating with a website. I don't really want the questions to be accessed by just anyone, so putting them on my website might not work? Could I do it with a file local in the app? maybe a CSV?
I'm anticipating the file may become quite big as I add more questions - so I'm not sure if that changes things?
Thanks so much in advance, and apologies if this isn't quite the right way to ask questions on here.
I'm just looking for a nudge in the right direction for me to go and
do more studying.
There are many options to solve your problem. Each option depends on your skill, time and if the solution is even necessary for the app you want to make. In the end it's you who decides on which solution solves your problem. There are a few options:
creating your own backend
have a local file in your app
or use a third party service like Firebase.
Each option has its own benefits. Just to list a few:
Local file:
You could have a local file in nearly any format (XML, JSON, .plist) etc. The downside is that your app isn't dynamic - you have to manually keep adding text to this file and update your app trough the App Store for your users to see these changes. If you're going with this approach, I'd recommend using a .plist or a JSON file which is saved in your project. How to implement this correctly is beyond the scope of the question, but there are plenty tutorials out there to help you getting started.
You could put your data in a .plist file. This is nothing more than a dictionary with key-value data (same principle as JSON where each key has a value). An example:
question1 is the key, of type String, containing the value "How are you today". It's easy to read from this .plist since it's the same principle as JSON.
Also, JSON is just a format, it's used often to communicate with websites, but it's not limited to sites only.
Custom backend
This means that you make a backend on which your app can communicate with. You'd have to host your backend, write logic / code on your backend and so on. This can be very time consuming, especially if your app isn't that big/demanding. I wouldn't recommend this unless you have the experience, time, patience and need for this solution.
Third party
This can be a nice solution. Using a third party service like Firebase means that you have your data online. The Firebase library has been well tested and has great documentation to get you started. It's secure, fast, simple but .. it does take a little bit of time to learn how it works - but the end result is that you have a dynamic app where you can add, delete, edit questions and so on. This data can be protected if you wish - which means only authenticated users can access this data (Nobody else will be spying on your data :))
I don't really want the questions to be accessed by just anyone, so
putting them on my website might not work?
Read custom backend and Third Party.
Could I do it with a file local in the app?
Yes. Read Local file.
maybe a CSV?
That's possible but I wouldn't recommend it, but that's a personal opinion. I find it outdated and it's more difficult to work with than JSON.
I'm anticipating the file may become quite big as I add more questions
- so I'm not sure if that changes things?
What is a big file? Nowadays reading a "big" JSON file is probably nothing more than a few MB at most. Your phone reads this in no time. This won't be an issue for your phone or app.
I currently have a few apps that I provide to clients by setting them up on their own website. The app uses their own SQL database to record any transactions.
Recently, the number of customers I supply the app to has increased, leading to a higher maintenance work load as each installation must be managed separately.
I'm ready to move to the next level and want to host the app in a single cloud based environment so that I only have to maintain one instance. I would then provide access to that app to each client site, for example embed it in an iframe or perhaps deliver it via a sub-domain. I am not sure about where the DB would sit?
However, this is new territory for me and I'm not sure where to begin. The app is very small and quite simple. I've read a lot of stuff about SAAS but most of it seems quite enterprise level, I'm really looking for a simple and easy to use starting point.
What's the current best practice for this kind of setup and what might be a good guide to read or platform to use?
I'm trying to figure out how to make an iPhone application allow multiple users (that have it installed) share data among them. Now, the tricky part is that I don't want to host a server at my place (very poor ISP services), so I would opt for an online hosting solution. Next, by data I understand them to be able to, let's say, post a comment that would become readable to all the other users and to see what other users have said.
So, in my mind, I'm thinking of either having a file remotely hosted that could be accessed by multiple users at the same time, or a database of some sort or anything like that.
You haven't given us much to go on -- it's not even clear what your question is. If you're just asking how to go about this, I'd suggest the following steps:
Figure out what, specifically, you want the app to do, what data it will share, and who the data will be shared with. Is this an app that you're going to distribute publicly? Will all users share the same data, or will groups of users share with each other but not outside the group? How big is the data, and how is it structured? Can any part of the data change at any time (like a shared document) or will the data just be updated (like a SMS conversation)?
Decide how you want to host the data. If you'll need to serve a lot of users, you'll want some sort of database. If you'll need to serve a LOT of users, you'll want to make sure that your solution will scale easily. There are lots of hosting companies that provide access to databases like Oracle or MySQL, and that may be enough for your purposes. Or, you might want to look into some of the web services options, such as those offered by Google and Amazon. These can be fairly easy to use and have the advantage that they'll scale very well.
Get to work. You'll probably want to build a very basic version of your app around the same time that you're getting the server side working, so that it's easier to test. Once the server side is working and reliable, you can shift the focus back to building out the rest of your app.
How does one build a directory of 'Spots' for users to check-in to in a native iPhone app? Or, does the developer borrow data from, let's say, Google Maps?
When you Use data obtained from another network or source, you take a risk that the data may change and or may not be accurate, The data may cease to exist, (more so with google, LOL, one minute they are there like gangbusters, the next they are like "Gone" no explanation no apologies, just missing in action, if your developing an application for a business its always best to use your own data sources.
That may be more expensive but its the only way you will have any kind of control over your application resources,.
You can go both ways, it depends on what you want to do and how you designed it to do it. You can have a prerecorded and static database of spots, or you can update it sometimes connecting to some server or you can do it all dynamically by loading each time data from the internet.
Which one to choose? first you shall design your app having in mind something like:
How many times will these datas change
How frequently will these changes happen
How much will it cost to do an update
and so on
Developing your own database of places is likely to be quite an undertaking (and your competitors have a big head start). Google is beginning to provide their Places API for "check-in" style applications, so you may be able to get in on their beta.
I would like to get feedback from all you seasoned developers as to what methodology would be the more "correct" or "efficient" way of implementing my solution.
I have a 4.5 MB flat file that is some 16,000 rows with 13 columns. I know I can import this into SQLite and create my data model but would it be more iPhone efficient to use this file locally on the iPhone or have the application read the data from a web service?
Thanks.
If you are not going to update the data (or only update it when you are updating the app) the local sqlitedb is going to simpler and more responsive. You would probably be even better off importing the data into CoreData, that way you won't need to directly manipulate sqlite or deal with things like synchronous read APIs.
If you want to be able to have the app download updated data the choice because a lot more difficult, depending on the quantity of data, the frequency of updates, how large the changes tend to be, etc.
a local database should always be more efficient in terms of user experience than a web service
I'd use both.
A remote source allowing for a dynamic datastore, and a local datastore with local cacheing seems like a pretty safe bet.
As for the web service. Unless there is any server-side only business logic, maybe give a cloud solution a try. Something like Amazon's SimpleDB comes to mind.
It of course really depends on how static your data is. As everyone has mentioned already if you don't need many updates the most effective solution is a sole local datastore.
Cheers
I guess it depends a bit on how much of the data you need at any one time. If your users need to download a lot of data just to use your application, that would make your app potentially very slow and also unusable without a network connection.
How often do you need to update the data? Frequent updates would favour a web service solution. Otherwise you'd need to update your app and resubmit every time a bit of your data changes.
Another thing to think about: how much do you pay for web traffic for your website? It could become quite expensive if a lot of users constantly need to download data. Unless you use some kind of subscription you only get money once, when you sell the app.
Personally, I'd probably lean towards putting the data on the phone and not using a web service.