I'm learning to build iOS swift apps, and I'd appreciate guidance on what storage options to use for different parts of my app. Perhaps examples of how other professional apps architect their storage would be helpful too.
To be specific, I see my options as
an independent MySQL DB
amazon s3
core data
nsuserdefaults
keychain
The app allows users to see/stream/download/upload videos and photos to their account/app as well as do all the normal voting, customizing user preferences, etc. This is an arbitrary app example though. A social media app storage would also be a good case study for me.
Given the variety of functionality to implement, I'm curious as to the best practices for storage architecture in maintaining sessions, persistence, and security.
Right now all I've implemented is having the user create an account and login by doing http requests to the MySQL DB. And i upload and download media from my s3. Each time user data is pulled anew from the DB.
Should i cache/archive stuff into coredata to make it faster for the user?
If a user wants the app to "remember me", where is that data stored?
Instead of straight http calls for logging in, should i do something with keychain? (keychains are the only thing i haven't implemented yet in that list. The rest I've messed with independently)
I've also heard nsuserdefaults is only to be used for user preferences.
Thanks for all advise.
Yes You should use core data for better performance.
Core Data would be a much better tool for the job:
->No mismatch between cache index file and actual data stored;
->Trivial querying;
->Nice and easy object oriented code.
NSUserDefaults
If you want to add Remember me option you have to use NSUserDefaults. It will store in plist file. For more information you should go through this.
KeyChain
Sensitive data like passwords and keys should be stored in the Keychain. Apple's Keychain Services Programming Guide states that a "keychain is an encrypted container that holds passwords for multiple applications and secure services. Keychains are secure storage containers, which means that when the keychain is locked, no one can access its protected contents". Moreover, in iOS, each application only has access to its own keychain items.
You interact with the Keychain by passing in a dictionary of key-value pairs that you want to find or create. Each key represents a search option or an attribute of the item in the keychain.
Related
I have created a framework in iOS, now I want to save some data within the framework so that the app don't have access in that and library can change the data whenever required , what is the best possible way to do it , taking all security issues into consideration ?
The only way of making it private to the framework/library is to encrypt the data as the app has the same level of access to files as the framework/library.
Also note that data is not saved into the framework itself, but into one of the many folders made available to the app (i.e. Application Support, Caches, Documents, etc.).
I don't know what you mean by "taking all security issues into consideration", however if you mean "make it impossible to access" then that won't happen as you will need to use a key to encrypt the data and it won't be possible to hide the key from a dedicated and skilled attacker. You will deter the casual user, however.
I'm currently developing a mobile shopping iOS application that connects to a RoR's backend to receive all its data.
Would you recomend core data as a way to store persistent data such as
Users information + Auth token (to stay logged in)
Photos of items so they don't have to load from the web every time the view is instantiated / app is quit and re-opened(caching).
These photos will be shown in multiple table views & description pages
If you don't recommend using core data. What other options would you say are best for someone in this situation to use.
Your bullet points are describing some simple preference-like items and then an image caching scheme. I don't see a reason to use core data or even sql lite. (Core data, incidentally has a steep learning curve.) You may be better off using NSUserDefaults for the auth token and then implement a file based image caching mechanism. Since the urls are unique, then create a file name by hashing the url. When you fetch the image, generate the hash based file name and see if it's in the file system first, if not fetch it over the net and store it for the next time.
I would utilize CoreData for your caching. You can easily store your images as NSData objects. For your Auth token, you may want to consider using the keychain. Take a look at the Keychain Services Documentation.
I am about to build an internal-only iOS app for storing simple business data. The data store will consist of a single entity only, with one entry per day. To start with there will be around two years worth of data (~750 entries).
I want to set the app up to do one-way syncing only. i.e. Only one person can enter data, but others can read it. iCloud is out as it only works for a single user account.
Is there a lightweight way to sync this datastore out from the single write user to the other read users? Setting up a full sync system seems overkill for this case.
Instead of iCloud, you could use one of the online backends such as Parse.com or Simperium. They would allow you to share data using a db and also provide for user accounts, authentication etc. If you want to run the server locally you can investigate DataKit.
I have an iPhone app I'm writing that needs to keep an offline data store that users of a specific licensed app can access.
I need a "Cloud" account where several users with different accounts can share the data. Is this possible?
I Googled and searched SO, but can find nothing about this particular topic.
An iCloud account is tied to a single user.
If you are asking whether you can set up an iCloud account that can be shared across multiple users; there isn't such a thing.
If you don't want to be responsible for syncing and vending the data yourself, have a look at Dropbox - where users can set up shared dropbox folders to do something similar to what you are asking about.
However, just putting the CD store on a Dropbox folder won't be enough to handle merge conflicts if different users modify the same value. In which case one solution is to have a web service that updates can be sent to, merges resolved, and the data pushed back down to the devices to be stored in their own Core Data stores.
A bit more involved than just putting the store in the cloud - but this stuff is difficult.
you need to start off with icloud
one of the best tutorials on net is:
http://www.raywenderlich.com/6015/beginning-icloud-in-ios-5-tutorial-part-1
http://www.raywenderlich.com/6031/beginning-icloud-in-ios-5-tutorial-part-2
sample icloud project
http://cdn3.raywenderlich.com/downloads/dox.zip
best of luck
I use my app to download file then I save into IsolatedStorage.
Can someone hack and get my files or folders from my app?
I do not know how IsolatedStorage protects its data? Do we have another ways to protect data in IsolatedStorage?
Yes your data is vulnerable.
If this data contains user details, like emails, passwords or even personal information then this should be made secure.
If you are storing information about a user's favourite colour or favourite car then this CAN be deemed as "not sensitive" and you will then have to decide whether you want to protect this.
Always assume that people can get at your data. It's just a matter of time before they can access it (just look at how people have jailbroken the iPhone and a vast array of other smart phones for that matter).
Remember Security is not obtained through Obscurity
The following link has good answers in relation to Isolated Storage on Windows...
https://security.stackexchange.com/questions/5660/how-secure-is-isolated-storage-on-windows
From within a managed application it's not going to be possible to access the Isolated Storage of another application. However from native code that's another matter, and WP8 has support for native code...
http://msdn.microsoft.com/en-us/library/windows/apps/jj681687(v=vs.105).aspx
Plus The following article asserts that there's only a registry in the way of a hacker who wants to get unmanaged code on to WP 7.1...
http://www.wpcentral.com/let-hacking-begin-how-windows-phone-7-can-run-native-unmanaged-code
So on WP7 it's pretty clear your app shouldn't store any sensitive data in isolated storage on WP and on WP8 it's even clearer. If you can avoid putting sensitive data in isolated storage do so, otherwise you'll need to encrypt the data, and then of course you need to consider the security of the encryption and the keys used to decrypt and encrypt the data. The following looks like a good guide on how to do that best...
http://msdn.microsoft.com/en-us/library/windows/apps/hh487164(v=vs.105).aspx
At the end of the day security is nothing more than a series of hurdles for a hacker, ultimately they'll probably get access to the data if they're really determined and have the skills and resources available to do so.