this might be a pretty simple question.
I'm not into this, so please excuse my lack of knowledge.
I would just like to ask for your opinions on what might be the best and easiest solution to achieve my goal here.
I'd like to develop a simple shopping list application (for the sole purpose of learning) where two (or more) users are supposed to work on a shared file on a web server (e.g. an XML file).
I considered using FTP but I have concerns about the security.
What do you think?
What do you mean by "shared file on a web server"? A file that is supposed to be modified by different users simultaneously or just a file that every user downloads? If its the latter, FTP is overkill and it would bring problems in the long run with bigger audience. The fastest (and secure) way to do this is to encrypt the file and put it on fast web service (like S3) and decrypt it on the phone. If you want to be absolutely sure use public/private key crypto - this way you encrypt the file and ensure that this file can only be decrypted, if it comes from you (e.g. encrypted with your private key).
Related
I would like to use some publicly available data from a government website as a source of data in an iOS app. But I am not sure what is the best / most polite / scalable way have a large number of users request data from this website with the least impact on their servers and best reliability for me.
It is 1-50kb of static XML with a fixed URL scheme
It updates with a new XML once a day
New users would need to download past data
It has a Last-Modified header but no caching headers
It does not use compression or a CDN
It's a government website, so if someone even replies to my email I doubt they are going to change how they host it for me...
I'm thinking I could run a script on a server to download this file once a day and re-host for my app however my heart desires. But I don't currently run a server which I could use for this and it seems like a lot just for this. My knowledge of web development is not great, so am I perhaps missing something obvious and I just don't know what search terms I should be using to find the answer.
Can I point a CDN at this static data somehow and use that?
Is there something in CloudKit I could use?
Should I run a script on AWS somehow to do the rehosting without needing a full server?
Should I just not worry about it and access the data directly??
You can use the AWS S3 service (Simple Storage Service).
The flow is somewhat like this:
If the file doesn't exist on S3 yet, or, if the creation date of the file on S3 is yesterday, the iOS app downloads the XML from the gov site and stores it in S3.
If the file exists on S3 and is up to date, download it from S3.
After that, the data can be presented by the app without overloading to the site.
I think the best way for you is to create an intermediary database where you can store your data in a secure manner.
Create a pipeline that does some data transformation and store in you newly created database.
Create an api with pagination and you desired filters
Also make sure you are not violating any data policies in the process.
I hope this helps.
I am developing an iOS application (to be deployed on the App Store) that requires content updates on a weekly basis.
I understand that the best way to achieve this would be to use a server, where the app would query for new data and download responses in JSON. However I am not knowledgeable when it comes to HTML, PHP or MySQL and therefore am endeavoring to find an alternative.
Here's an idea: using Dropbox to substitute for a server backend. My app connects to one central Dropbox account, checks for new files, and downloads them if present.
Is this idea feasible? If not, are there any alternatives?
Dropbox cannot be a dependable substitute for your server/backend for following reasons:
Dropbox uses OAuth for authentication, which needs user interaction. You do not want your app users to go through Dropbox authentication with your 'common' credentials.
Users who have a Dropbox account or the app installed, will most likely use their own credentials to login which completely breaks your flow.
Drobox, although a good way of sharing and syncing files is not meant for more meaningful data like web services etc or user/database interaction etc. Just syncing JSON file may suffice your app's needs for now but from a long term perspective you want a proper back end.
As suggested in the comment by #tkanzakic you can use one of the substitution services if you don't want to get too technical on the backend.
I am pretty late to the party, but this is possible and not necessarily a stupid idea (though this depends on what you need). You might want to have a look at remote storage for example, which allows you to use Dropbox among other providers as backend.
For sure, you can use the Dropbox Sync API to achieve this (https://www.dropbox.com/developers/sync).
I'm having trouble determining what the best approach is for the following scenario.
My application POST's to my web service.
POST URL includes several parameters, including device info + a shared secret
The device is stored in my database IF the shared secret is correct
At the moment, this shared secret is hard-coded in the app and the connection to my web service is over SSL.
This obviously limits people from finding out the shared secret and abusing my web service.
However this approach isn't as secure as I'd like, due to the possibility of decoding my app etc and getting the secret.
Is there a better way of doing this, as opposed to the shared secret approach?
With local keys almost every security approach can be leaked by somebody somehow. This does of course not mean that we do not need to put any effort in at all.
If people download your app the can possible further investigate the code by reengineering and or refactoring
However, if there is no other way than putting the secret key within your apps binary, you're left with a (weaker) alternative often called security through obscurity.
There are many ways to do this and you can probably find a lot of discussion on the internet about this topic so here are just some ideas:
Split the key to multiple classes and throughout your code
Disguise your key as string which will could be used in a normal way within your app
Hash some data or code segments on startup and include them in your key
Use all of the methods named above together
There are even some frameworks out there like UAObfuscatedString which might help you implementing your logic.
Keep in mind, the best way is always to not hardcode a secret key within your apps binary but somehow "load" the secret from your server who e.g. calculates the key…
I'm doing some research on a new project we want to work on, but before we actually take on the project I have some concerns.
This project involves storing a lot of (text) data somewhere on a server, you can think about it like Instagram (but without photos).
So you can follow people, view profiles, list of activity ...
The question is, how do these apps send all this data securely to a server?
And what kind of server do they use? Something like Amazon AWS?
They are sent over https which is built into the NSURLConnection class. You can have a server (I use linux but you can use anything) have a self signed ssl certificate and your App code can give an exception to that particular URL for self signed certificates if you are wanting to save money. It is better practice and more secure to have a signed certificate though.
As far as storing it, most don't actually store it encrypted. It is sent to the server running a web service encrypted and then is stored in the database / file system unencrypted. The reason for this is there is a lot of processing power required to compress things and the extra over head of storing encrypted things as well as making it harder to search and index depending on how you do it.
Amazon AWS would work although I run my own server at home. It's quite easy to set up.
I'm developing an iPhone game, and thanks to some backers, I got the funding for finishing it.
I wanted to give rewards to those backers with a "passcode"; they will simply enter the passcode and get rewards in the game.
Of course, any one of them would be able to distribute that passcode to the public...and that's a problem.
What is the best way to achieve something like this? Some kind of one-use password?
My first idea was to connect to a remote MySQL server from my game and check that password if it has been used before etc. But I was told that I shouldn't do that directly, that I need some kind of intermediate platform for it. So for the sake of simplicity, what are your ideas?
You could build some web services yourself to interact with your app. Alternatively you could choose a service that claims to do this for you - e.g parse.com. Have a look at the 'user management' section of the homepage of that site. I don't know how stable Parse is but it does look promising for what you want to do, if you don't want to spend a lot of time. There must be some alternatives out there as well.
Not certain but i dont think there is an MySQL driver handy for this architecture, so writing directly to a server on port 3306 is out of the question (as well as being a huge security risk for your server). I would probably write some simple rest API (in PHP), server side, and do a REST call to the server from the iOS app, a simple request-response over http(s). The response could probably be an xml file (aka a plist) that you could store in the Documents directory - your cue moving forward that the device has a privileged access to your goodies. The server would interface the MySQL to 'consume' the passphrase. PHP can be setup to be relatively safe (from SQL injections, and other 'bad' things).
These two tutorials by Ray Wenderlich demonstrate almost exactly what you want to do. Set up a MySQL database with a Php interface.
Part one:
http://www.raywenderlich.com/2941/how-to-write-a-simple-phpmysql-web-service-for-an-ios-app
Part two:
http://www.raywenderlich.com/2965/how-to-write-an-ios-app-that-uses-a-web-service