I have an iOS application written in Swift using Realm as a database working locally on my computer.
Right now, when I make reads and writes from Realm, I believe it is to and from a local file on my computer. Obviously this will not work in deployment, because the Realm file needs to be the same for every user, and every user will have the ability to change the Realm, so it seems that the Realm must be on a server.
How can I make it so that when users perform reads and writes to Realm, it maps to the Realm file on a server. What type of server should I use? I currently have an Amazon S3 account, should I just store the Realm file in a bucket and download and rewrite the Realm file anytime someone makes a change (though that seems highly inefficient)?
EDIT:
To ask this in a simpler way, what is the standard way to store user data in iOS applications on a server?
See this answer. Unfortunately what you're proposing doesn't seem to be possible, at least yet.
For what you're proposing you're better off using a more traditional server-side database.
EDIT:
To ask this in a simpler way, what is the standard way to store user data in iOS applications on a server?
That's quite a broad question, but normally saving data on a server is done through using your own custom API + back-end, or utilising a back-end SaaS (such as the soon-to-be-defunct Parse, or AWS.
If you want to store user data on a server you need to do this through network requests on the front-end, and your API would modify the database accordingly. You would never modify the database directly on your front-end.
Related
I would like to use some publicly available data from a government website as a source of data in an iOS app. But I am not sure what is the best / most polite / scalable way have a large number of users request data from this website with the least impact on their servers and best reliability for me.
It is 1-50kb of static XML with a fixed URL scheme
It updates with a new XML once a day
New users would need to download past data
It has a Last-Modified header but no caching headers
It does not use compression or a CDN
It's a government website, so if someone even replies to my email I doubt they are going to change how they host it for me...
I'm thinking I could run a script on a server to download this file once a day and re-host for my app however my heart desires. But I don't currently run a server which I could use for this and it seems like a lot just for this. My knowledge of web development is not great, so am I perhaps missing something obvious and I just don't know what search terms I should be using to find the answer.
Can I point a CDN at this static data somehow and use that?
Is there something in CloudKit I could use?
Should I run a script on AWS somehow to do the rehosting without needing a full server?
Should I just not worry about it and access the data directly??
You can use the AWS S3 service (Simple Storage Service).
The flow is somewhat like this:
If the file doesn't exist on S3 yet, or, if the creation date of the file on S3 is yesterday, the iOS app downloads the XML from the gov site and stores it in S3.
If the file exists on S3 and is up to date, download it from S3.
After that, the data can be presented by the app without overloading to the site.
I think the best way for you is to create an intermediary database where you can store your data in a secure manner.
Create a pipeline that does some data transformation and store in you newly created database.
Create an api with pagination and you desired filters
Also make sure you are not violating any data policies in the process.
I hope this helps.
I am currently developing an app for a friend's business (so it's clear that I am not a professional developer and he's not going to get the perfect app). He needs the app to display and be able to interact with data from a MySQL database. I have already tried to find a way to do this but they mostly include a PHP script that just generates a json document which the app can then read. I cannot do that because the data includes customer information that can't just be accessible like that without some form of authentication from the app. The app will only be used by employees at work and on specific devices so storing the data locally is not a problem. Is there maybe a way to create a local cache of the database and then work with that? I would also be open to use other database software that can handle spreadsheet-like data.
Thanks in advance for any response!
Assuming your app going to get JSON data through PHP API. In that case, PHP API should encrypt the JSON data and your app will decrypt it. If you want to protect your data on users device, one of the option to use cipher SQLite.
You can any use symmetric or asymmetric encryption technique to encrypt the API response.
Here is good post to read.
https://www.ssl2buy.com/wiki/symmetric-vs-asymmetric-encryption-what-are-differences
According to this post, it's possible to decompile an iOS application.
How can I prevent an attacker from gaining access to my AWS DynamoDB database? Just having the access keys out in the open like shown on the Amazon developer guide doesn't seem like it would be very safe.
I would think that I could use keychain to store the keys, but I feel like there would be an easy way to get past this for a motivated attacker, given they have the app's assembly source code.
Currently, I connect using Amazon Cognito. All I have to use to connect are the identity ID and the role name. I don't see anything stopping an attacker from simply getting those values and connecting to the database.
For example, what stops an attacker from decompiling the Facebook iOS app code and deleting all of the users?
How can I prevent attackers from decompiling my iOS application and getting access to the database access keys, or at least prevent them from doing any major damage, such as deleting users?
Based on my admittedly limited experience, I'd say that a really motivated attacker will always be able to retrieve the credentials you use to access your database regardless of what you do to your executable. I would, however, question why you application needs to have direct access to your database in the first place.
The usual way to safeguard your serverside data is to use a web service to access it. App contacts web service with request, service contacts db, gets data, sends it back. Since the web service and the db are both hosted on your server and only the web service needs direct access to your db, there is no need to store db access info in your app. Problem solved.
It's impossible. In order for your program to do something, it must contain the instructions that allow the computer to follow to do that thing, which means anyone else can also follow those instructions to learn how to do the exact same thing.
You can use SQLCipher and use your auth's userToken and/or userId as cipher keys.
I am developing an iOS application (to be deployed on the App Store) that requires content updates on a weekly basis.
I understand that the best way to achieve this would be to use a server, where the app would query for new data and download responses in JSON. However I am not knowledgeable when it comes to HTML, PHP or MySQL and therefore am endeavoring to find an alternative.
Here's an idea: using Dropbox to substitute for a server backend. My app connects to one central Dropbox account, checks for new files, and downloads them if present.
Is this idea feasible? If not, are there any alternatives?
Dropbox cannot be a dependable substitute for your server/backend for following reasons:
Dropbox uses OAuth for authentication, which needs user interaction. You do not want your app users to go through Dropbox authentication with your 'common' credentials.
Users who have a Dropbox account or the app installed, will most likely use their own credentials to login which completely breaks your flow.
Drobox, although a good way of sharing and syncing files is not meant for more meaningful data like web services etc or user/database interaction etc. Just syncing JSON file may suffice your app's needs for now but from a long term perspective you want a proper back end.
As suggested in the comment by #tkanzakic you can use one of the substitution services if you don't want to get too technical on the backend.
I am pretty late to the party, but this is possible and not necessarily a stupid idea (though this depends on what you need). You might want to have a look at remote storage for example, which allows you to use Dropbox among other providers as backend.
For sure, you can use the Dropbox Sync API to achieve this (https://www.dropbox.com/developers/sync).
I am new to iOS app development and am interested in developing an app that needs to utilize existing technologies to sync app specific data across multiple i-devices (iPhone, iPad, Touch, etc.). As an example, the app can be installed on multiple devices. On one device, the user will initially create an account. Then in subsequent logins, the user may create a task list, and each task item may possibly include a captured photo image. On the user's second i-device, as he logs in, he would be able to see and access the list and images (locally). Can someone explain to me what technologies I can leverage on to implement such an app?
Specifically:
How do I set up and manage the user accounts? Do I Need a dedicated server and sql database set up for my entire user base? And what programming/scripting languages do I need to learn?
How about the mechanism of pushing and pulling app data from one device to another? Do I need some kind of cloud technologies (SaaS?) to handle the storage and transferring of the data?
Any specific open source or commercial products I can leverage on?
Thanks in advance.
Kenny
I personally have not have had a situation like this, but here is what I would recommend.
You will need to have a server set up with database software.
You will need to write an api for yourself based on HTTP POST (REST) or maybe you could write a SOAP service.
I would HIGHLY recommend purchasing an SSL cert. for your server that way you can send the username and password in your request and it will be encrypted automatically.
For the api, you have a whole selection of languages and databases at your disposal. I am personally biased towards asp net with an MSSQL server.
with your api you will need to write methods to authenticate the user, and then save and send your data.
In your app you will simply send web requests to the server (ASIHttpRequest maybe?) and you can receive JSON responses back, which you can then deserialize into workable objects and vice versa.
if you do use asp net, you can use the newtonsoft JSON library to convert your objects for sending and convert received objects.
I dont remember the name, but there also is a JSON library for obj-c that is usable on iPhone.
Use a SQL server and host a database of logins and passwords.
Then, from each device, create a connection to the server, and download the login information for the account.
Also, not to be rude but: Google it.