Protecting API calls from iOS app [closed] - ios

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I started development of iOS applications using HTML5 and Phonegap.
I have a question about security here. Since iOS applications can not run PHP code, people use REST apis to communicate with the server in order to get data from a database and such. Or am I wrong?
Anyways, how can this be secure? For example, someone can just extract the code from the app and will have access to the API calls. How can this be secure? I am not looking for snippets of code, I am wondering what method is used to secure this? As of now, all I have on my head are tokens like the ones used to prevent CSRF attacks and such.
Thanks in advance!

you can use rest services but it doesnt mean you are giving the access to the service. You have to deal with the sessions but do not include clear passwords, etc., unless you connect to the backend by prompting the user, using Oath to authenticate the session and store it in the keychain. You can force the user to re insert the information when the session expires and you can check that everytime the user accesses the application.
If you decompile the app or just unzip the app, the html code can be accessed but the difference is "how you manage the connection". Obviously, as Ive told you, if you use static information (using a .plist file or whatever) your applications will be strongly inefficient and easily to break. My recommendation would be to learn how to work with keychain, NSURLCredential, OAuth and cookies management in iOS.

Related

PHP // MYSQL // JAVASCRIPT needed for a native iOS online app? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
I'm thinking of developing an app where you can look at each other's profiles (basically a Job-Finding Application) and I would like to know if you needed any knowledge of PHP, MYSQL for the databases and would you need any knowledge of Javascript to develop the application.
I'm currently looking at Google Firebase and also didn't know if that required any PHP knowledge?
All of the Firebase SDKs that you would use in your client app do not require any programming language knowledge other than what's required for your client platform. If you want to write entirely in swift, that's fine.
The only exception is Cloud Functions, which requires that you learn JavaScript to run on the backend.
iOS apps are built in Swift or C#, typically not javascript and never php.
You can build a PWA (progressive web app) that acts like an ios app using javascript Libraries such as react.
However, MySQL is a database that can be used with any number of applications and programming languages, so you should probably learn that.
My guess is that if you are asking this question, you probably should consult the Apple developer documentation before asking on this form.

Should I add mid-tier (like Java or Node) when working with iOS and Parse (or any other cloud based SDK)? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
I am pretty new to iOS and I am planning to start one iOS native application with Parse/AWS or any other cloud based DB handling. Is this a good practice or I should include mid-tier like Java and let my app talking to it instead of directly dealing with Cloud? My question is around security and scalability of my application. If I include a mid-tier then I think I can use that as an API with in Android version of my same app as well and which will make things easier for me to handle.Share your thoughts please.
First, great question. I am a long-time user of Amazon web services, where I call for the database without a middle tier. I find that the cloud balances the load well, spins up new resources well, and generally responds well.
As for the security element, you are really sending authenticated requests directly into the cloud, not to a given server. Hence, making a round trip to a specific server (linux + java) is no longer necessary. The cloud can accept datagrams with authentication information loaded.
I am not a parse person, so I may not get this answer voted, but AWS uses a security service called IAM (Identity and Access Management) which forces you to define a pool of permitted resources in your cloud. I imagine that Parse provides comparable services (if not, perhaps consider the AWS cloud), since this is how you are able to call for the database without a middle server tier.

How to connect to an online database from my iPhone app? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I want to make a very simple app that connects to a database and retrieves some questions and answers for a quiz.
What is the simplest way to do this? Is Parse the way to go, or is it possible to use a sqlite3 database, which is hosted online? I want to keep it as simple as possible.
you should NEVER connect your mobile apps directly to a database. you should create a rest api for that, a simple php for example that will be connected to the database and return the results to you.
For connecting data on a server to a mobile app you should use a API Rest, not a direct connection to a database.
You should denitively go for Parse. You would have to implemente nothing on server side and it has an SDK already implemented for iOS that helps you retrieving the information.
Also the free plan could fit you for quite time.
https://parse.com/docs/ios_guide#top/iOS
The easiest way would be to be create a Rest API in any of the server side language like PHP and access your online database. Having said that , this would mean you would require it to be hosted somewhere online.
The best option in case you don't want to spend on hosting on a server and writing a server side script to access the traditional database would be use to Parse which has options of saving the data in the offline mode in your app and then you can sync it with the database online.
About sqlite3 being hosted online , that won't be a suitable option . I suggest you go for Parse it is easy to learn .
Best a way for your task - Core Data
If user don't have access of network? How he takes questions and answers?
Just I too building that task.
Parse can use when we want save results test or something data user

User authentication in Rails API [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I have a rails API which has several models, and controllers that return JSON.
The API will be responsible for managing all the data, and there will be a 2nd app for serving the web front end.
I'm wondering where the users table and authentication controller should be.
The options would be:
Keep authentication in the API, and build a web front end that queries for users/roles etc.
Implement a Devise user in the front end, completely separate from the API.
Any idea's what the best practice is for this?
Thanks for reading.
If I understand correctly, you have
1 rails app with API
1 rails app that serves the front-end, and the 1st app actually serves as backend/database for this app
Correct?
In that case I would make sure
use devise in the second (UI) app
the authentication of the API is between two servers, and you could just use a simple/effective authentication-token
the second server will protect the API from unauthorized access, since no client will ever see the url or authentication token (since it is server <-> server communication)

How to store data on the internet for an iOS App [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
So I know this is a pretty simple question, but I've looked through all of my iOS textbook and can't seem to find out how people do this. I just want to store and edit an array on the internet. That is, let's say all of the data for my application is stored in an NSMutableArray. Ignoring the complications that occur with people editing the array at the same time, how would I allow multiple people to go into my app and then through that app access and edit the NSMutableArray for others to see?
There are a ton of options here, some of which were listed by #Zaph. The most common scenario to share data between a ton of random users is to setup your own server to run an API that you app will be able to communicate with. This is commonly referred to as the "Backend". The solutions here are vast, written in many different languages and sometimes even provided by third parties services. My advice is to pickup a simple, easy to learn server-side setup like Ruby-on-Rails, then deploy test app on Heroku as they provide free accounts to play with.
In addition to the options #coneybeare provided some others include DropBox, Parse and Azure.
Dropbox requires each user so setup an account.
Parse and Azure have rather easy APIs but you will be paying past the free tier.

Resources