How does the Parse Local Database store its data? - ios

Is it using core data?
Is the data encrypted in any way? Is there a way a user could maliciously modify it easily?
I have been trying to look for this answer since LDB was announced for iOS, and have not found any information regarding this other than 'it is just like our android implementation'. If this information is stored in plaintext I cannot store sensitive information in it, which is why I would like to know.

I've just created an app that uses the local database, and here's what I've found.
Inside <app sandbox directory>/Library/Private Documents/Parse there is a file called ParseOfflineStore. This is a sqlite database. There are 2 relevant tables inside (ParseObjects and Dependencies), and pinned objects are stored inside ParseObjects.
To answer your questions:
1) No, it does not use CoreData, but it is sqlite (the same db backing store as CoreData).
2) No, it is not encrypted. It's in the clear, stored in the ParseObjects table, in the json column as cleartext json.
It would be relatively trivial for anyone who can hook up iExplorer to the app to download, change, and upload the local database. However, if you have a user who can do that, it's likely they could proxy your app with Charles anyway ;-)

Related

Database for electron app

Recently started with electron. Can any one please help me with the database selection. It seems like there is no straight forward choice for it.
Suggest a database for medium size project.
In Electron app, you can use the database of your choice :
https://github.com/louischatriot/nedb
https://github.com/pouchdb/pouchdb
http://lokijs.org
https://github.com/kripken/sql.js
https://github.com/pubkey/rxdb
https://github.com/amark/gun
https://github.com/typicode/lowdb
https://github.com/google/leveldb
According to your purpose, a single JSON file can be used as a database.
You can use CouchDB, which is the non-sql database, in that you can store data in JSON format, they have inbuilt sync functionality, that means, you just need to store data locally in HTML storage provider and CouchDB will automatically sync that with the server.

SQLite Database Security and Tampering

I just wanted to do a quick sanity check with StackOverflow to confirm my suspicion. I'm creating an app and was tempted to use FMDB in Swift to store some data.I am treating this data as public in the sense that I assume it can be tampered with (and thus untrusted). This is because, after all, unlike a web app, this app runs on a user's device and thus they can access the .sql file and alter the database.
If I wanted to store information like if a user purchased something, unlocked certain weapons, or other data that I do not want to be altered in any way, I should not use a local database on the user's device.
Would you say this is correct and safe to proceed under this assumption? If I was looking to use the database to persist something important that took place, what would be a good approach? encryption with the key in the app, or maybe a hash or something?
If you want to secure your database, FMDB includes hooks for SQLCipher, which you have to obtain separately. See the various FMDB Encryption Methods that you can use once you have SQLCipher included in your project.

If I make a database on Realm, will it be accessible to my user without internet access?

I'm trying to build my first Swift app and I think Realm may be a good option for my database. This might be a totally stupid question, but will my users be able to access the data on my database without an internet connection? I'm fairly certain that the answer is yes, but I just want to make sure.
As a side note, I want the data to be stored on the users phone (not a server or anything like that)
Thanks for the help
Yep! Realm is a completely offline, local database solution. There's no online component, but if you do decide to, you can sync data from Realm online using third party cloud services like Parse (Or just literally copying the database file to Dropbox).
By default, all data saved with Realm is stored in a file called 'default.realm' in the Documents directory of your app, but you can easily explicitly set where you want the data to be saved.

Hiding data structure for sqlite file stored on Dropbox, using password protection

I have been searching this thread to find the best way to hide the data structure for a Sqlite file used by Core Data in an iOS app. I have found many questions that address the desire to keep data from the end user, but I am primarily interested in protecting my data structure (and secondarily, to keep the user from messing with his data). I am currently using Dropbox to back up my app's Sqlite file, and as it stands, anyone can open the file and see the data structure. In my new app, I would still like to use Dropbox, as it has worked well so far; but I do not want the end user to be able to open the database file. I just want the app to be able to upload or download the file.
It seems as though encryption of the entire file may be overkill, and I do not want to encrypt individual fields because I am more interested in the structure. I have seen a couple of posts that have asked about password protection/encryption, but usually the answers address encryption, and I have not been able to find much on password protection.
From what I have learned (and please correct me if I am wrong):
1) CommonCrypto would be best for field level encryption and is probably not what I am looking for.
2) OpenSSL and SQLCipher will encrypt the database, but may slow performance (and may be overkill for me)
Is there a simple way to provide password protection for the SQLite file, and still be able to read/write with Core Data? I realize that I would have to store the password within the app, which would make it fairly easy for a hacker, but I am okay with this. I am just looking to provide one extra level of protection for myself (as far as the data structure) and for the end user (so that they can't muck with/mess up their data).
If you are only concerned with the Sqlite file that you are backing up to Dropbox, you can using something lightweight like ZipArchive to zip and password protect your file before saving it.
http://code.google.com/p/ziparchive/
Cheers,
Rog

Updating Sqlite from web server?

I am currently building an iPhone app that is using Core Data and sqlite databases where the user will be reading static information from the database throughout the app. I have the issue where we may update the information in the database but not want to do a full update of the app, just the database. Can someone please help me out with either a easy function or a tutorial of how to go to a website or server and download the file which will replace the database that we have already put into the app? I'm new in xcode and I`m doing my first app.... thanks for your help
I think what would be a good idea is for your website to publish the data that must be stored in sqllite over REST, possibly in JSON or XML format.
This blog post describes how you could do just that. I must say that its approach to retrieving the content from the webservice is kind of low-level but it'll get the job done. Maybe RestKit can help you take care of all the low-level networking/http stuff.
I assume you want the static data locally so you don't require a constant internet connection for your app to work. Another option is to request the static data from the web and persist it in a file (NSUserDefaults etc...). But, that depends on how complicated the static data is and whether you have to query into that data. If you need to issue queries on that static data, a DB is definitely better.
You can also do a combination where you download updated DB if available async while your app works. You could have a setting in user defaults which is the current static data DB. If updated, you switch the current setting and re-establish the DB connection under a lock.
Here's how to make an http request using iOS.
rest web services in iphone
If you're downloading db data, don't convert the NSData to a string like in that sample ...
Also, ASI-HTTP-Request is popular. Here's samples on how to download a file:
http://allseeing-i.com/ASIHTTPRequest/How-to-use
http://www.cocoadev.com/index.pl?NSUserDefaults

Resources