Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I'm new to iOS and have just started leaning it. I want to develop a small app for bus passengers where-in all users in the bus must login using the app.
If user is using the app for 1st time, he must sign up . User must enter all details like Name,Age,Emergency Contact,Address,Source,Destination,Phone number etc.
If user already exist, then login with existing user name and password.
All details must be stored somewhere (not sure) and retrievable format.
Here comes all my question and doubts based on above app requirements :
do i need to follow client-server architecture ?(mobile app being client )
where all user details will be stored ( on mobile or server )
when user tries to login, how check if user already exists or not ?
if any communication protocol to be used for mobile app communication then which will be good considering the performance of app should be fast.
mobiles internet data should be available ?
which database to use to store user details ?
considering all above things i need to design my app.
thanks
I will try to give some points to start from.
1) I think yes (its really depends what you want to achive but if you only want to get/pos resources to/from server, http request should be enough to start from).
2,6) Depends which details.
For simple details which no need in protection NSUserDefaults Sqlite or Core data can fit. (also there are some nice wrappers for them for instance TMcache, you will need to investigate it).
If you need to save private details you will probably need to use keychain.(honestly I would avoid saving important details on the device everything can be hacked so try to limit it).
3) One of the common ways which come to my mind is to check in run time if the user already logged in is by saving login status in NSUserdeFaults and check it in - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions. If you need to check Existence of user in your system than probably some server help will be need.
4) Please refer to apple Docummentation NSURLSession should fit.Also AFNetworking is really good library.
Edit:
5) Usually IOS will use Current Internet Connection which is available and more efficient for the system it will start with WIFI then CellularData (Check Reachability for testing availability of internet connection its also included in AFNetworking library) .
-All those questions/answers can be found on stack.Hope I helped.
List of common IOS frameworks
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I am looking for advice on what the best tool for the job is for sharing a relatively complex data object between two iOS apps on the same device.
I have a real estate investment app that we will call app A which allows the user to input data about a potential investment property and calculate important financial metrics such as ROI. All of the property data is persisted using Core Data in an object we will call Property.
I am developing app B which imports a Property Object from app A and creates a PDF report that the user can send to other investors. The Property object does not need to be persisted in app B, only used temporarily to create the pdf file. I would like the user to be able to open up app A from app B and choose a property, similar to a photo picker.
My initial instinct is to use URL schemes to solve this problem. Is this the best solution for my needs?
There aren't many options and what few there are really require that both apps be developed by the same developer (which appears to be the case here).
The easiest is to used a shared, private, named pasteboard (UIPasteboard) in conjunction with custom URL schemes.
App A can put the data in the pasteboard and then launch app B using its custom URL scheme. Of course both apps must be coded to understand how the data is written to the pasteboard and on the name of the pasteboard. Though the name of the pasteboard could be passed as part of the custom URL.
Once app B generates the PDF, the reverse process can happen. App B can put the PDF into the pasteboard and then launch app A using its custom URL scheme. Then app A can get the PDF from the pasteboard and present it to the user.
Or, if it makes sense, app B can use a UIDocumentInteractionController to let the user choose what to do with the PDF. That is certainly up to your needs.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 8 years ago.
Improve this question
I am fairly new to MVC and am interested in keeping my MVC app secure. One of my concern areas, for example, is an Approve page that is available to uses to approve items that are up for review. The issue is that certain users can only approve certain items. When approving the app posts the ID of the item being approved to an ApproveItem ActionResult in the controller. The issue is that in theory (e.g. with FireBug) someone might post random IDs to this ApproveItem controller (including items that they might not be allowed to approve). Instead of trying to catch every issue like this in filtering, why not just use a GUID as the ID? Then I am almost 100% certain that the user is only approving an item that they are allowed to approve.
What do you guys use for security in regard to situations like this? It seems to me that a GUID would be the simplest. What do you think?
Your question (or at least the tile) doesn't really make sense. You can use Guids for Globally Unique Identifers within a security system, but you shouldn't use them AS the security system.
#ePezhman alludes to a potential Insecure Direct Object Reference vulnerability but this isn't an issue if you are correctly validating your users` actions.
What you're suggesting is Security through obscurity. Your app isn't actually secure, it's just really hard to guess some naughty input. What you should be doing is what you're trying to avoid and validate that the current user has the required permissions to perform the action on the entity. That is, is the user allowed to approve the item? and if they aren't you should display an error message or take other appropriate action (logging the attempt, notifying an administrator etc?).
GUID will be very simplest way to achieve this.
Otherwise you can go for "person -roles " level security to approve your items.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I am creating one application. This application have two databases.
Local Database (In the mobile)
Cloud Database
Both databases are automatically syncing.
Through my application when I Browse the page I want to keep that page in my phone. again When I browsing without internet (Offline) I want to access that store files.
My problem is without internet offline browsing (stored web pages) need to access my local database and give the informations.
Eg. I want to search something. if it is internet search cloud database. (Same time store the web page HTML content in the phone). Offline searching want to access the local database. In here it want to use the stored HTML content. But access the local database.
It is possible or not? I am a beginner. Please guide me
You use scripts/code on server to connect to db on the server when you are online. Even if you download and save you 'HTML' file locally, when you load it in UIWebView it is not going to start fetching data from your local sqlite db. (hence all the down votes i guess)
So simply put, what you are asking is not possible.
However, an alternative which may work, subject to your app requirements, is to change your app code to always perform searches on local database and instead of HTML show search results using native UI. As you claim that your local db syncs with the sever automatically, when you are online, after your db is up to date, your search results will fetch fresh, synced up data from local db. Since your search uses local db you'll be getting last synced data when you are offline.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
Let's say I release version 1.0 of my app.
Then say I want to completely change the server/database for version 2.0, however, doing so will break my version 1.0's server communications.
Instead of having users wonder why their version 1.0 app server communications stopped working for them, is there a way to let them know that they need to upgrade? In other words, is there a way to send push notifications to users using the old version of an app to let them know they need to upgrade for it to work?
I know Family Feud with Friends for iOS does this, basically because they add new features that wouldnt apply to the older version. This is another example of why you would want to send push notifications from the developer to the user.
Also, is there some a better way to handle changing up the server/database? (Sorry if thats too general of a question). I feel like breaking the server/database for older versions is bad practice.
This is a hypothetical question, so I'm not actually stuck in this situation, I'm just looking for ways to prevent/handle server/database changes in the future.
Thanks!
Typically an app communicates with a server via an API, and doesn't connect directly to the database. Since the API returns data and not the database schema, it is generally immune to database schema changes. If the underlying data structure changes, you may need to update the API, but the input and output should not change for a particular API function.
If your API function returns data using an extendible protocol like JSON, then you can easily return additional data to support new functionality, and prior versions of the app can simply ignore the new data.
If you must make a change to an API function that would break the current functionality, then you simply version the function call. users/get might be your old call and users/get2 might be your new call.
In the rare case where you must force users to update (security vulnerability, perhaps), then it is best to have a way to force an update in place ahead of time.
The first thing our app does is sends its version number to the server. The server can respond that an update is required and provide a link to the update.
Push notifications are not a good way to force updates. They are "best effort" only. Not everyone will get a push notification, especially if they've disabled push notifications in your app. Also, why bother someone who maybe has no intention of ever launching your app again? Let the App Store notify them, or wait until they launch your app, and check then, as described above.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
So I have this web app that in theory may one day become a for-pay application - if anyone actually finds it useful and worth it.
I have all the logic to handle payment, check to see if the account is overdue etc. in place. It is all stored in RavenDB (RavenHQ actually) - not that this should matter to the question at hand.
Now, I am trying to follow best practices, and I want my application to be performant, i.e. not micro-optimizing, but I want to do things in a way that will scale relatively well with load (if it takes off it will be hosted - I would love to not have to pay for more servers than is strictly necessary).
My app uses something close to the default login/account model. Users log in securely using forms authentication over https.
At what point should I check that a user is actually allowed (with regards to payment status etc - a domain model concern really) to be using the web application? Consider that this will mean requesting a single document from the RavenDB backend and checking if the current payment period has expired.
Should I:
Check every time the user logs in, and make them unable to "Remember me" for more than x hours, where x is a relatively small number?
Check in a few central controller actions that the user would visit relatively often - the application would essentially be severely restricted if these actions were not available.
Do a global action filter that checks for every request, then redirects to the "Pay nooooow!" page as soon as stuff expires?
Another option?
RavenDB does clever caching, so I don't think a request for this document would kill performance, but should the application really take off (unlikely, but one can dream), an extra database request per http request will probably lead to Ayende hunting me down and mercilessly beating me. I don't want that.
It seems to me like this is something that others would have thought about and solved, so I am asking - what would be the right way to handle this?
Thanks for any insights!
I don't think this is a framework issue strictly, it's more like how you want your site to behave and then use framework to support it. Generally speaking you want to make the site usable and not too restrictive unless when that's necessary, e.g. surfing the site with no restriction whatsoever, but checking out should be done very securely.