I have iOS application with Realm mobile database. We've integrated Realm real-time synchronisation, and need to put into the app a switch for turning off synchronisation.
App should correctly work in offline mode. How we can do this? How can we create Realm without RLMSyncUser?
Realm files that are synchronized, and ones that are not are structured somewhat differently (Synchronized ones for example store more of the transaction history). As a result, it's not possible to convert a Realm file between being synchronized, and not.
At the moment, best practice for that sort of scenario would be to have a master local Realm file, on which the Realm bases its operations (even when offline), but to then have an auxiliary synchronized Realm which data can be copied to.
If you have any suggestions about how you think this feature should work, feel free to file an issue on the Realm Mobile Platform feedback repo!
Related
I am building a desktop application and added support for the Firebase realtime database. Because I am running a desktop application users will run different versions of my app.
As my app evolves, new features will be added and may require an update to the database schema as well. But I can't do this as I need to keep all client versions compatible.
For example, I have projects saved in the database at project/${uid}/${projectName}. Imagine in the future projects are not anymore tied to a user because I implement "collaboration" and want to change this path. How would I do this to keep all my clients up running?
You could store that path in realtime database and fetching the URL on client as required. I'm not sure what you mean by implement "collaboration" but if you want all the users to be on same version of your application then you would have to store the latest version in DB and verify the version yourself on client.
projects are not anymore tied to a user
In my opinion, if you could store a list of user UIDs who are a part of that project then that would be easier instead of structuring your app as projects/${uid}/projectname. If it is something like /projects/${projectId} then storing that list of authorized users would be much more easier.
There's Remote Config.
Firebase Remote Config is a cloud service that lets you change the behavior and appearance of your app without requiring users to download an app update.
You may have to use the REST API if your are building apps for desktop. Also as #Doug mentioned in comments, it may not synchronize all clients at same time.
I have two apps that use the same Firebase project, so they use the same database when online.
I would like to know if there is some way to make them also share their offline data. In other words, if I make an offline write on app A, I would like to be able to read that document on app B while still offline (metadata pending write = true).
Perhaps if there was a way to change the Firestore local database location to a shared location for both apps, this could be achieved.
Apps (on iOS, Android, and Web) work in a sandboxed environment, and access to each other's sandbox is highly controlled. While it may technically possible to build a solution that shared the local cache, the Firebase SDKs in each app currently uses its own sandbox for its local cache and these can't be shared.
Also see:
How can I share local database of an existing app with a new app and make both work on it simultaneously?
I have an electron app which persists data in an SQLite db stored in my machine. I have all the setup for the CRUD operation and the application works fine. Now I need to encrypt the SQLite DB file. I searched online for solution but all the solution are for pre-encrypted DB which is being decrypted inside Electron.
The requirement is, user will provide the password using which the app will encrypt the DB file and going forward user will provide the password to decrypt and perform the CRUD operation
Any idea how to achieve this?
P.S.: I have checked with SQLCipher docs and I don't find what I needed. So far, I am using sqlite3 node module to perform CRUD
Edit 1: I tried to use sqlite-cipher module and I was able to encrypt the db in a separate js file. but when I integrate the same with the electron ipcMain, the app closes due to high RAM consumption.
Any suggestions???
If you're using SQLite the best option is use SQLCipher. The problem is that you will have to compile new binaries to work and there are some limitations with the versions of SQLite and SQLcipher for node.
You can use this package: https://github.com/journeyapps/node-sqlcipher
or compiling manually, here you have an example https://gist.github.com/aguynamedben/14253e34bc7e0a881d99c8e45eb45a47
Encryption in electron app is a tricky thing.
This is because it can give you false sense of security.
You might encrypt your local db, but with electron it's so easy to decrypt it back that perhaps it's not worth it at all?
It's very easy to get sources of your electron app. Minification helps only a little bit, but this is not real protection.
There are many approaches you can take but they vary on circumstances.
The questions which needs to be answered are:
who are you trying to protect against?
is security critical or this is only basic measures so not everyone can get data from db at first
glance?
does the user using the app have admin user rights on the
machine?
are you accessing db directly through electron app, or some
kind of system wide service (deamon) is communicating with db and
passing results to electron app.
if previous is "yes" how do you communicate the
service with the electron app and how is this secured?
Take a look at source code access discussion:
https://github.com/electron/electron/issues/3041
and also check this article (especially the security part):
https://hackernoon.com/electron-the-bad-parts-2b710c491547
If I use Realm in my SDK, when someone embed's my SDK in their app and they are also using Realm would there be any conflict? or am I better off just sticking to CoreData.
I'm looking at moving to Realm because I like the thread safety aspect of it and the number of queries it can perform per second.
If you ensure that you use a custom Realm database - not the default - then you should be okay to use Realm in your SDK. Projects can contain multiple Realm databases without a problem.
I'm beginner in eclipse and android apps. what can I do for security of database? prevent hack or steel my database of my app. And where is database of apps in mobiles with android OS?
You can't. It is pretty trivial to get it, no matter what you do. If you want to keep your data safer, you can drop the local database, and make a web service where you get your data from. Then you will have to make some restrictions, so people will not rip your data fast. This is known as anti-farming and you can see more at https://www.owasp.org/index.php/REST_Security_Cheat_Sheet#Anti-farming
But this will only slow people down, and as the article says, large resource adversaries will still be able to get whatever they want.
What to do: don't focus on it, build a awesome app, so no other will reach your user level/profit.
Take a look at https://www.zetetic.net/sqlcipher/sqlcipher-for-android/. It is possible to create a encrypted database with that library. You should only think about where to place the key of it. One possible solution is that user has to enter the password via login dialog for example.
The database and app specific data is located at /android /data/package of your app folder.