Android Question Advice needed, Remote SQL services and security questions

jmon

Well-Known Member
Licensed User
Longtime User
Hi everyone,

The application I am starting to develop requires a user interaction with a Database.

Basically, users should be able to download comments and ratings from an online database, and submit their own comments and ratings too.

I have good experience with MySQL and SQLite, mostly from the applications I developed for my company. But in the experience I have, the users were connecting directly to a remote DB on a trusted computer in the company, over the LAN. The login and password were hard-coded in the application. Security wasn't an issue, and the transactions were not encrypted. I knew everyone in the company.

I have read a bit about what I want to do, but many examples involve languages that I don't know, such as PHP and JSON.

As I have never worked with remote internet databases and unknown users, I have a few questions:
  1. Should I proceed the same way as I have done previously, with prepared statements, pools and sq.ExecuteQuery2 to query and write the Database?
  2. What hosted database services would you recommend?
  3. What would be the secure way to avoid storing the password and login in the APK file?
  4. Can all of that be done with only B4J and B4A, or do I need to learn PHP or something else?
  5. Is there anything else that I could be missing and should be aware of?
Thank you.
Jmon.
 

KMatle

Expert
Licensed User
Longtime User
Since hosters are very cheap I went from the (very nice) remote calls to a combination of httputils, php and MySQL.

My reasons were:

1. I don't want to have a server at home (and monitor it)
2. The prices for a hosted php & MySQL are very low
3. php & MySQL with httputils2 is very simple
4. I wanted a user registration & a maximum of security (each user has to log in with their own password - the database password will never be transmitted)

So take a look at my examples if you like.

http://www.b4x.com/android/forum/th...h-a-server-using-httputils2-part-1-php.42442/

http://www.b4x.com/android/forum/th...a-server-using-httputils2-part-2-mysql.42456/

http://www.b4x.com/android/forum/th...using-httputils2-part-3-php-mysql-json.42663/

http://www.b4x.com/android/forum/th...on-using-httputils2-php-mysql-and-mail.42745/
 
Upvote 0
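
The arrangement described in the answer above (each user logs in with their own password and only the server-side script holds the database login), shown as an added example that is not from the thread or from KMatle's linked tutorials. Table, field and environment-variable names are assumptions, the request is assumed to arrive over HTTPS, and in-memory SQLite stands in for MySQL so the demo runs offline.

```php
<?php
// Added example: names of tables, fields and environment variables are assumptions.
// The DB login lives only on the server; the app sends the user's own login.
function open_db(): PDO {
    // On a MySQL host DB_DSN would be e.g. "mysql:host=localhost;dbname=app".
    // With nothing set, in-memory SQLite stands in so the demo runs offline.
    $pdo = new PDO(getenv('DB_DSN') ?: 'sqlite::memory:',
                   getenv('DB_USER') ?: null, getenv('DB_PASS') ?: null);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    return $pdo;
}

function register_user(PDO $pdo, string $user, string $password): void {
    // Store only a salted hash of the user's password.
    $stmt = $pdo->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($password, PASSWORD_DEFAULT)]);
}

function submit_comment(PDO $pdo, array $req): array {
    // Authenticate the app user, not the database account.
    $stmt = $pdo->prepare('SELECT id, pw_hash FROM users WHERE name = ?');
    $stmt->execute([$req['user'] ?? '']);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify((string)($req['password'] ?? ''), $row['pw_hash'])) {
        return ['status' => 401, 'error' => 'login failed'];
    }
    // Validate on the server; the client cannot be trusted to do it.
    $rating = filter_var($req['rating'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 5]]);
    $text = trim((string)($req['comment'] ?? ''));
    if ($rating === false || $text === '' || strlen($text) > 1000) {
        return ['status' => 400, 'error' => 'invalid rating or comment'];
    }
    // Prepared statement: the comment text is bound as data, never as SQL.
    $ins = $pdo->prepare('INSERT INTO comments (user_id, rating, body) VALUES (?, ?, ?)');
    $ins->execute([$row['id'], $rating, $text]);
    return ['status' => 200, 'id' => (int)$pdo->lastInsertId()];
}

// Constructed demo data.
$pdo = open_db();
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pw_hash TEXT)');
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, user_id INTEGER, rating INTEGER, body TEXT)');
register_user($pdo, 'alice', 'correct horse');
$good = ['user' => 'alice', 'password' => 'correct horse', 'rating' => 4,
         'comment' => "Nice app, isn't it?"];
echo json_encode(submit_comment($pdo, $good)), "\n";
echo json_encode(submit_comment($pdo, ['password' => 'wrong'] + $good)), "\n";
```

The APK then contains only the URL of this script; reading the app's files on a rooted device yields no database credentials.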

jmon

Well-Known Member
Licensed User
Longtime User
Thanks a lot both of you.

Klaus, those examples you wrote are exactly what I needed. They answer all my questions, especially the one on how to store the database password and how to send data to the database. Your examples are very easy to understand. Thanks for spending time writing them.

[edit]
Would you have a recommendation on which online SQL services to go for? So far I am hesitating between Google SQL and Rackspace, but maybe some other choices would be better?

Thanks again.
 
Upvote 0

KMatle

Expert
Licensed User
Longtime User
I'm at 1&1 Germany. I would get a "cheap" or free one first (to see how far you get with your app). Later on you can switch to a more powerful hosting solution.

One thing I am thinking about is the load of users. I didn't find a source where you can get any information like "x users with x data = x servers". Imagine your app will be downloaded 100K times. Then you probably have to spend a lot of money to get more servers (or a dynamic solution).
 
Upvote 0

jmon

Well-Known Member
Licensed User
Longtime User
@Erel
> Have you seen RDC?

My question may seem stupid, but do you mean Remote Desktop Connection?

> You can let the user enter his password.

Sorry, I misexplained; I meant the login and password for the database. But what Klaus explains in his examples is what I needed. Only the script on the server knows the password and login, and users don't need to execute and query the database directly.

@Klaus Matle
> Imagine your app will be downloaded 100K times.

That's the kind of figure I'm looking at, at most. I think there could be around 1000 to 10k active users per day, but who knows, it could be more or less.

> I'm at 1&1 Germany. I would get a "cheap" or free one first.

Good idea, I'll try at least to find a free one while I do my beta and a paid one later when I go live.

Thanks all of you for your help! It's most appreciated.

[edit]
So I went for "000webhost.com", at least for the beta version, maybe later I'll go for something more pro like dreamhost.
 
Upvote 0

jmon

Well-Known Member
Licensed User
Longtime User
> Nice solution, but I'm worrying about the db user&password stored in a config file. On rooted devices it's very easy to read it (big trouble).

Thanks,

I'm worried about that too, so your solution with PHP seems simple enough and easy to implement.
 
Upvote 0

incendio

Well-Known Member
Licensed User
Longtime User
Upvote 0