Android Question (Solved) jRDC2 can someone give example on correct authentication

knutf

knutf

Active Member
Licensed User
Longtime User
In Erel's original thread about jRDC2 he gives an example of the use of it. The only authentication in the example, as far I can see, is the login on to the database with username and password suplied in the config.properties file. When Erel and Aeric writes that authentication should be done on server side in a recent thread I don't think they mean the login to the database, right?

From Erel's original example about jRDC2, it is not easy for me to understand how authentication on the server side should be done. Can someone please show an example. It is nice if it is based on Erel's example.

In Erel's example, an animal table is created. Let's say we want individual users to log in with their individual username and password in their app. They can insert animals into the table when they are logged in. And when they request animals from the database, they only get the animals they have inserted.
 
Solution
aeric
I assume you understand SQL and database concepts such as 1 to 1, 1 to Many and Many to Many relationships.

I think there are 2 parts of your question above.
1. We need to make sure a user is registered in the database and allowed to execute commands with correct username and password
2. We need to make sure he/she only execute queries or update on his/her data, not data belongs or linked to another user

Let say the data looks like below.

users table
idnamepassword
1Alicexxxxxx
2Bobyyyy

animals table
idname
1Cat
2Dog
3
...
Sort by date Sort by votes
aeric

aeric

Expert
Licensed User
Longtime User
I assume you understand SQL and database concepts such as 1 to 1, 1 to Many and Many to Many relationships.

I think there are 2 parts of your question above.
1. We need to make sure a user is registered in the database and allowed to execute commands with correct username and password
2. We need to make sure he/she only execute queries or update on his/her data, not data belongs or linked to another user

Let say the data looks like below.

users table
idnamepassword
1Alicexxxxxx
2Bobyyyy

animals table
idname
1Cat
2Dog
3Echidna
4Frog

user_animals table
user_idanimal_id
11
22
13

SQL1a: 
SELECT a.* FROM users u
JOIN user_animals ua ON ua.user_id = u.id
JOIN animals a ON ua.animal_id = a.id
WHERE u.name = 'Alice' AND u.password = 'xxxxxx'
This query will return 2 animals (Cat, Echidna) linked to Alice

SQL1b: 
SELECT a.* FROM users u
JOIN user_animals ua ON ua.user_id = u.id
JOIN animals a ON ua.animal_id = a.id
WHERE u.name = 'Bob' AND u.password = 'yyyy'
This query will return 1 animal (Dog) linked to Bob

If either one of the users or let say Oscar provides wrong username and password, no results are return.

SQL2a: 
UPDATE animals
SET name = 'Hedgehog' WHERE id = 3
AND id IN (SELECT a.id FROM animals a
JOIN user_animals ua ON ua.animal_id = a.id
JOIN users u ON ua.user_id = u.id
WHERE u.name = 'Alice' AND u.password = 'xxxxxx')
When Alice provides the correct password and the animal id she is updating is linked to her then the update will take place.

SQL2b: 
UPDATE animals
SET name = 'Gorilla' WHERE id = 3
AND id IN (SELECT a.id FROM animals a
JOIN user_animals ua ON ua.animal_id = a.id
JOIN users u ON ua.user_id = u.id
WHERE u.name = 'Bob' AND u.password = 'yyyy')
When Bob provides the correct password but the animal id is not linked to him then the database is not updated.

We can add above queries into config.properties of jRDC2 server as:
B4X: 
sql.select_user_animals = SELECT a.* FROM users u \
JOIN user_animals ua ON ua.user_id = u.id \
JOIN animals a ON ua.animal_id = a.id \
WHERE u.name = ? AND u.password = ?

sql.update_user_animal = UPDATE animals \
SET name = ? WHERE id = ? \
AND id IN (SELECT a.id FROM animals a \
JOIN user_animals ua ON ua.animal_id = a.id \
JOIN users u ON ua.user_id = u.id \
WHERE u.name = ? AND u.password = ?)

This is just a simple example. There are always room for improvement.
 
Upvote 1
Solution
aeric

aeric

Expert
Licensed User
Longtime User
knutf said:
In Erel's original thread about jRDC2 he gives an example of the use of it. The only authentication in the example, as far I can see, is the login on to the database with username and password suplied in the config.properties file. When Erel and Aeric writes that authentication should be done on server side in a recent thread I don't think they mean the login to the database, right?

From Erel's original example about jRDC2, it is not easy for me to understand how authentication on the server side should be done. Can someone please show an example. It is nice if it is based on Erel's example.

In Erel's example, an animal table is created. Let's say we want individual users to log in with their individual username and password in their app. They can insert animals into the table when they are logged in. And when they request animals from the database, they only get the animals they have inserted.
Click to expand...
If you think my answer above is correct, you can mark as solution (click the checkmark at right side of the post). Thanks.
 
Upvote 0
aeric

aeric

Expert
Licensed User
Longtime User
Here is another example but without using an intermediate table.

users table
idnamepassword
1Alicexxxxxx
2Bobyyyy

animals table
idnameuser_id
1Cat1
2Dog2
3Echidna1
4Frog0

SQL1a: 
SELECT a.* FROM users u
JOIN animals a ON a.user_id = u.id
WHERE u.name = 'Alice' AND u.password = 'xxxxxx'

SQL2a: 
UPDATE animals
SET name = 'Hedgehog' WHERE id = 3
AND id IN (SELECT a.id FROM animals a
JOIN users u ON a.user_id = u.id
WHERE u.name = 'Alice' AND u.password = 'xxxxxx')

This one look simpler but there is difference.

Both Alice and Bob can add any animal to their list.
e.g. Alice and Bob can add Cat to their list.
For example 1, if one day an Admin user edit Cat and update it as Tom then Alice and Bob will see Tom in their list.

In example 2, one day Bob edit record in id 5 which is Cat to Mouse, this will not affect Cat in Alice's id 1.
idnameuser_id
1Cat1
2Dog2
3Echidna1
4Frog0
5Cat2

idnameuser_id
1Cat1
2Dog2
3Echidna1
4Frog0
5Mouse2

I hope this does not confuse anyone.
 
Last edited:
Upvote 0
aeric

aeric

Expert
Licensed User
Longtime User
I uploaded an example project to my GitHub

jRDC2 server authentication + console client

Simple jRDC2 server authentication example with user name and password This example is based on this solved question for learning purpose. If user name and password are not matched, the query will show 0 row result or affected rows. I added a non-UI console app to connect to the server. Edit...
www.b4x.com www.b4x.com
 
Upvote 0
You must log in or register to reply here.

Similar Threads

toby
  • Question
Android Question Unable to integrate with Google Authenticator app
Replies
1
Views
241
toby
toby
scsjc
  • Question
Android Question [SOLVED] BiometricManager - Biometric Authentication - Problem with NONE_ENROLLED
Replies
1
Views
880
scsjc
scsjc
metzeller_2013
  • Question
Android Question Is there a way to use Email and Password Firebase Authentication together with Firebase Storage?
Replies
0
Views
682
metzeller_2013
metzeller_2013
Andris
  • Question
Android Question [B4X] xCustomListView - can someone give me a simple answer for this problem?
Replies
5
Views
1K
Erel
Erel
BillMeyer
  • Sticky
  • Question
Other Forum Etiquette
2
Replies
31
Views
22K
Sandman
Sandman
Top