Currently I am using MySQL + RoR combination for storing data of my iOS application.
I use Core Data for offline storage.
So I have made a lot of APIs or various CRUD like operations.
Given the fact that Mongo stores entities as JSONs, and it also has a REST interface, is it possible to use Mongo without a web service in front of it to store data using its own REST API?
If No then whats the problem? Is it because of security concerns or its not possible at all.
If Yes, is it OK ?
Both concerns that you've raised are valid:
The MongoDB --rest feature is a simple readonly interface (no support for insert/update/remove operations).
It's also poor practice from a security point of view to expose your database server directly on the internet.
Suggested approaches would be to either:
1) Use (or build) a secure REST API for your application
2) Use a hosted MongoDB service that provides a secure REST API.
Related
I'm considering implementing Elasticsearch into a Content Management System (CMS) web app built using Ruby on Rails. However, since the app requires user account creation, none of the data is publicly exposed. When I'm indexing and quering this private data, will I be able to use Elasticsearch?
Yes, although Elasticsearch does not consider security at all, so you would need to handle this via your data access layer.
I'm developing with Azure Mobile Services (using SQL Azure) to provide a backend for both IOS and Android mobile apps and a PHP website.
My question is now that now custom apis have been introduced is it considered best practice to wrap everything up in custom api calls rather than e.g. using the CRUD table operation scripts directly from apps or websites?
Additionally for data access from a website should you lock down access to stored procedures and only exec via custom apis, to enforce a consistent approach no matter who the consumer is?
While I appreciate that custom apis and the table scripts are restful it still isn't clear how to architect a solution in the most efficient, reliable way that can enforce business rules in only place allowing each process only one entry point e.g. you have a stored procedure exec'd by an api called from the mobile apps. If the website calls that stored procedure directly without going via the api it could have unwanted side effects because other logic steps will have been missed.
I'm relatively new to Azure so forgive me if I have just missed something fundamental here. I've read many blogs and tutorials but they rapidly go out of date.
Many thanks
In my opinion the great feature of azure mobile services is the push notifications (to ios, android, wp). If you are not going to use that, there's no great advantage to use WAMS
(Windows Azure Mobile Services).
But it's a good choice using Windows Azure as backend since it's easy to scale up /down. In this case, you could create a Webapi and host in a Web Role. As it works with http, you can easily create Restful services and call them from your apps (ios / android).
I am planning to build an iOS app with using DB(Ms-Sql).
However, people recommends not to access DB from Xcode.
They recommend me to use php or asp for accessing db through a webpage.
I want to know the reason.
Also I am going to use DB only for (view) select line (not insert, update nor delete).
so is it possible to access directly to db for viewing purpose only?
thank you
It's generally bad for an application (mobile, web, any client) to directly have access to any database for security issues. Clients really should not be accessing the database, which is often holding very private/secure data. It opens up vulnerabilities (i.e., sql injection attack).
A set of web services written in php or java or some back-end technology is a more secure, scalable system. These web services can connect to the database and retrieve data. Your iOS application can call the web services and receive the data..for example in the form of XML or JSON.
I am building a new applications architecture and I need your advice. We have a central MSSQL server database hosted as SQL Azure. This database needs to be accessed from many different applications, most of them are web applications hosted in windows azure and couple of them are winforms apps.
Accessing database for web application is straight forward with ADO.Net. For winforms applications, the wcf data services technology seems impressive along with client authentication services for security.
I need to know whether this mixed mode of database access will work? In other words, will database integrity will be maintained if it is being hit by applications using a mix of ADO.Net and Entity framework.
Thanks in advance.
If you query the database using EntityFramework it will cache the data until you call SaveChanges(). If the database is modified (e.g. using plain old ADO.NET) in the meantime there is a risk of the data from the database being overriden by the application that is using Entity Framework. To prevent from this you need to use Concurrency Token. You can find some details here: http://social.technet.microsoft.com/wiki/contents/articles/3866.aspx
Note that when you start using concurrency tokens you need to be aware of possible concurrency exceptions which you need to handle. You can take a look at this blog post http://blogs.msdn.com/b/rickandy/archive/2011/02/17/handling-optimistic-concurrency-exception-with-ef-and-mvc-3.aspx for some ideas. WCF Data Services uses ETags for concurrency (http://blogs.msdn.com/b/astoriateam/archive/2008/04/22/optimistic-concurrency-data-services.aspx) but you may not need to do anything here if you setup concurrency in the EF model for the database that is exposed via WCF Data Services.
We are going with WCF RIA services. They seem to work well with multiple client types providing out of the box data access layer.
I need to populate a table in an iOS application with data from a Web database
I already have a MySQL database set up but reading about this it seems there must be an easier way for the iOS to interact with a web database
Any help or pointers would be appreciated,
Thanks
You should make an API interface.
Then use the API to communicate with the database. Using the database directly is a very bad thing to do.
If you are really desperate, consider using the MySQL C library. This article explains it in great detail:
http://www.karlkraft.com/index.php/2010/09/17/mysql-for-iphone-and-osx/
For my application, I chose to create a web service to act as an intermediary between my application and the database.
This layout has several advantages. Considering you have MySQL database you can try to create some php scripts (I chose php because the API to work with mysql is very very simple and as you said, you don't need very high security or performance).
You can use these scripts through HTTP requests (you can use NSURLConnection to do these).. These scripts connect to mysql , fetch the data you need to pass the result back to the application in an easier to use format (e.g. I use JSON).