How to make sure realm io user can only access certain data in a model - realm

I'm still learning how to implement realm.io in my next project. I'm really amazed in the Realm Mobile Platform (offline-sync).
I'm reading https://realm.io/docs/realm-object-server/#access-control but what I need is preventing user accessing certain data in a model. (let's say they only can access data only their own data).
Thank You

In addition to the Realm documentation. There are a couple overviews on Multi-Realm setups you could check out. They go over permissions and database design.
https://realm.io/docs/tech-notes/multi-realm-cheatsheet/
https://realm.io/docs/tech-notes/teamwork/

Related

Reporting on information held in Realms

Am a little new to using Realm, but learning fast. I've seen that when using the Realm object server the default setting is that a new Realm is created for each new user. I also see that with quite some effort a Global realm can be created and permissions given to it, so that many users can access that realm. As I'm working on an app where users create orders, then the first approach seems more secure; each user would have access only to the orders created in that users Realm.
My question is, in this situation how would I be able to report on total order information across users e.g. total order quantities/amounts for September for all orders taken?
I haven't been able to find any reporting system or information about this. Any advice or hints & tips that would help me solve this would be really appreciated.
So after making many checks and hearing back from the guys at Realm, it seems that it is not currently possible to get summary info across Realms.
One solution suggested would be to create a "summary" realm and write total info to is as Im creating the other realms, which doesn't sound like a good solution.
So the only solution currently, that will allow you to get summary information across e.g. orders for different people, is to store the information in one Global Realm and set the permissions so that all users can access it.
A final note, Realm have told me that they plan to bring out an enhancement, that will help solve this issue, by letting you set securities for users within Global Realms. Hopefully that comes out soon :-)

Web storage local data encryption or access blocking

I have developed web application that will store user's profile sensitive data in index db and local storage.I am using web storage as i need to access this data frequently in contacts page,chat page and other places as well.
My main concern is that everyone who is loggedin has access to this sensitive data.
So i was searching around ways to either block access of indexDb and Local Storage,I also check this Stack Overflow Question: Can local storage ever be considered secure? but could not make out proper decision to opt for.
Then i was wondering if we can encrypt this data while saving and decrypt after fetching so that no one has direct access to it.
Can any one suggest any approach and methodology which can easily solve my problem.
Thanks in advance.
After exploring a lot i found YDN-DB(Unified data access layer on IndexedDB, WebDatabase and WebStorage storage mechanisms) but i am yet to implement it,can anyone suggest any better solution than YDN-DB or its the best i can opt for now.
https://dev.yathit.com/ydn-db/index.html
Details of this DB can be checked in the above link.

Protecting local proprietary data in an Xamarin app

I have a Xamarin.Forms app that uses a local SqLite database as its source for data. The data is proprietary, so I want to protect it so that if someone gets access to the database file, they would have to decrypt it to access the data.
I also want to limit the number of queries users can make against the database so that at a certain point they have to purchase the ability to use more of the data (in-app purchase).
I want to avoid making network calls as much as possible to minimize impact to the user's data plan and allow the app to work well in conditions where there is poor or no connectivity. So, I want the data stored in a local database (perhaps in SqLite).
I'm curious how different people would approach this problem to protect the data and at the same time minimize network usage.
Here is kind of what I was thinking (if it's possible):
1) Let the user download/install the app.
2) On first load, the app will upload a key based on the device id and the user's current purchase information. Then it will download a SqLite database file that has been encrypted using the uploaded key.
3) When the user reaches their limit of queries, the database file is deleted. If they purchase more data, then a new key is uploaded and a new encrypted database is downloaded to be used.
Thoughts? Is there a better way?
I would suggest SQLCipher! It is a Component within Xamarin (http://components.xamarin.com/view/sqlcipher-for-xamarin-ios) but can also be built from source as it is Open Source (https://www.zetetic.net/sqlcipher/open-source/)
That will totally secure your database :)
UPDATE 8/2/2018 - SQL Cipher is now free and easy to implement thanks to the greatness of Frank Krueger. sqlite-net (https://github.com/praeclarum/sqlite-net) is the defacto sqlite library for Xamarin now (if you're still using the Sqlite.Net fork I recommend going back to sqlite-net as soon as possible as Sqlite.Net has been abandoned) and it now includes SQL Cipher support completely free of charge.
As clb mentioned, SQLCipher is open source. So if you don't want to pay for the component you can download and build the source yourself, then wrap it for use in Xamarin. This is, admittedly, a technically challenging task.
If that's not an option, I would recommend two other options:
Reevaluate your need to store data locally. It's extremely unlikely that you need to transfer enough data to even cause a blip on a user's data plan. And between cellular and wifi, it's not that common anymore for users to be without a connection. It certainly does happen, and there are certain apps where this is very important, but you may have to make concessions if the data is that sensitive.
If you absolutely have to store the data locally, and you can't use SQLCipher, your last real option is to use a cryptography library and encrypt the data itself, rather than the database file. This is less than ideal, typically, for a variety of reasons, but it may be your last resort. PCL Crypt is a PCL capable crypto library that you can look into.
https://github.com/aarnott/pclcrypto

Difference between Cache,Session,Application,View in ASP.Net

I want to store some data during my site viewing.
Sometime i need to store large data like crystal reports and some times i need to store a string.
So which is best to use and when to use.
Where are these datas stored. i.e., Client or Server
Please go through this link:
Nine Options for Managing Persistent User State in Your ASP.NET Application
What you are asking is about State Management in ASP.NET. What you have actually listed is Server Side state management options.
You can made a choice of which to use depending on your requirement or functionality.
I will recommend you do some background reading on MSDN regarding State Management. I am not sure which answer you need here as your query is a bit generic.
Here is a link to get you started... http://msdn.microsoft.com/en-us/library/75x4ha6s.aspx
This is a very open ended question. Ass Julius said you need to learn more about the different ways you can store information. For example, Application is used when you want to store information on the initial startup of the site and make it available to all users. Session is for a single user so you may have many sessions open depending on how many users you have online at that time. Cache is also a way you can store information on the server. All of these are stored on the server so if you have hundreds of users online at the same time, server memory will be consumed holding all this information. Rule of thumb is to try to be conservative when storing information in these locations. Personally, I rarely use application and also try to limit my use of session to when it makes sense. If I were to write an app that used crystal reports as you are, I would probably use sql to store the paramaters of the report and generate the report from the parameters but it depends entirely on the needs of the user using the app.
You can find a wealth of infomation on this subject on line. Hopefully this will give you some information.

Implementing chat system: where to store chat data?

i am implementing a chat system in asp.net, much like google chat and i use xmhttp to send and receive data, and i am using a single table to store all chat for all user.
i wanted to create global temporary tables in sql using a XMLHttpRequest so as to be abl to organise data better(instead of storing all the chat in a sigle table which can(i dont know for sure) cause locking issues when many users are accessing it.)
also for my system i don't have to store the chat and so i thought that a global temporary table would be better since it will already be dropped and save me the trouble of clearing it.
but the after the table has been created by the Xmlhttprequest it gets dropped just after its creation....why this happen i don't know....i also have removed all connection closing lines but still no luck
so what should i do?? also if anyone knows of any online resources that can points me about best practices to follow please tell me.
Your table won't have locking issues with many users accessing it. Temporary tables are not meant to be shared cross-call, and you're going to wind up with far more roadblocks down that path. It is probably better to simply store your data in a table, then poll the table.
The only time you could have "locking issues" is if the users are attempting to write the same chunk of data to the same row at the same time ... which shouldn't be happening in a chat application.
Additionally, Google Chat uses a COMET style implementation instead of a polling implementation. It has been my experience that COMET > polling in terms of user experience.
You're not supposed to keep any chat messages on your database actually... unless you're implementing offline messages.

Resources