i m currently developing a windows store app for surface.i use sqlite for database tasks.but the db file saves in APPData folder as separate file.i want to make it more secure.how can i do that?if sandboxing is a solution,then how could i sandbox the db?
Windows Store apps run with (a limited set of) the user's permissions. Anything the app can get to the user can get to. Sandboxing prevents the app from affecting the rest of the system. It doesn't prevent the system (or the user) from getting to the app.
To secure the database from the user you'd need to keep it off-system on a site that you control.
On system you can make it more difficult for the user by encrypting the database or its contents. I haven't looked at it closely, but a quick search found that SQLCipher Commercial Edition supports Windows Runtime apps. If you prefer to encrypt it yourself take a look at the Windows Runtime's data protection API.
Related
I am working on an application built using web technologies (html, css, js) that will run as a desktop app using electron. The app will connect with database and file storage services hosted on firebase. Users of the application will not need to sign in to the application in order to authenticate, but the application will be both reading and writing data on firebase's servers.
We don't want to allow anyone not using the application (or firebase's console) to be able to write to or modify the database or upload or delete files from storage.
There will also be a website which will only be able to read the firebase-stored content. If possible I would like to limit reading of the data to that site and the application, but if that's not possible then opening up the stored data and files to be read by anyone wouldn't be an issue.
What is the best way to configure authorization for this app and website?
Thanks!
I cannot find an answer after searching on the internet, but if my app creates a database on mobile device named 'myDB' with a table called 'users' what happens if another vendor's app on the user's device creates the exact same name? Are the databases isolated by app?
If you're talking about a Android device: yes, other apps can't access your app database. (unless they have root access)
Android provides full support for SQLite databases. Any databases you create will be accessible by name to any class in the application, but not outside the application.
http://developer.android.com/intl/pt-br/guide/topics/data/data-storage.html#db
I've got an internal ASP.Net application which I would like to send to someone. The problem I have is that the app is using local SQL Server database. Is it possible to have a copy of the database to the file and just replace the access to the db for the file? If yes how?
Personally, I would sign up for a free Microsoft Azure account, use the free Azure Migration tool to copy your database to Azure, then just change your web.config to point at the Azure database.
This saves having to buy any SQL Server licenses, and requires the fewest amount of changes to your app.
No, they'll need SQL Server as well. They can install a free Express edition if they're eligible for the license.
If you set up your application properly, it should be easy to replace the data layer with a portable database like SQLite, so they don't have to install anything.
I have an existing ASP.NET website that I would like to port to Azure within my free trial.
I would like the migration to be as painless as possible. The application uses log4net and NHibernate, plus it needs to share data with an application supposed to run on a virtual server.
Two questions can be asked as 1
How do I configure paths in Web.config to access a shared drive?
I need to configure the paths into which logs will be stored and, most important, I have to specify where the application will read the files written by the daemon that will run on my Azure Linux VM.
When both the app and the daemon ran on the same server (yes, I had Mono running fine) I just had to choose a shared local directory.
I'm not sure I'm totally understanding the scenario, but I'll try to give you a few options.
One - Windows Azure Web Sites (currently in Preview) could be a great option for your ASP.NET site. Of course, it depends what needs your site has. But, you can write your log4net files with web site and using NHibernate too.
Two - Web roles work great for situations like this. You would likely have to change some code to use blob storage for persistant file storage. You could use Windows Azure drives as a way to get a persistent location for log files. Windows Azure drives don't have a pre-determined drive letter, so you'd want to use the API to get to that. That may, or may not, be a good option for your situation. With web roles you could also write the log4net files to local storage and use Windows Azure diagnostics to transfer them periodically to blob storage. Just another way to persist the files.
Three - Using Windows Azure Virtual Machines (currently in Preview) you could write the log files to a data disk, which is backed by blob storage.
In the end, if you have files you need to share across instances and/or roles, then leveraging blob storage is likely your best option.
I am developing an ASP.NET website. The users can open up the web page and work with data when they are online. But I want to make them able to work when they are offline and submit their changes later when they are online again. The offline application must be very simple to run and I don't want to develop a separate windows application for this purpose.
So I want to build an executable that when starts, first starts up a local IIS and then opens the startup page of my website (which is locally available) in the user's browser.
And of course it would be great if this executable can be installed on the user's system along with my website files, IIS and SQL Server Express all in one package.
OK I re-read your question and see that you will have local IIS and local Database installed on all client systems.
So then the solution is very simple.
The Applicaiton (main form)
Create a windows forms application.
Put a WebBrowser control and a StatusStrip control on the form.
Add two string resources named say LocalStartUrl and OnlineStartUrl, which holds the addresses of your local and online website home/startup pages.
On Form_Load, check for online internet connectivity and accordingly launch either LocalStartUrl or OnlineStartUrl in the webbrowser control. You can show messagebox and use the StatusBar to inform the user of the same.
The sync module:
The database sync module runs in the timer/separate thread and synchronizes your local database with online database in the background. It sends any unsaved changes to the server and downloads any missing data from the server to local database. You would need to control the speed of this module so that user doesn't face difficulty browsing other websites or using the application smoothly etc. It should be slow and steady and send/request only small chunks of data at a time.
When in offline mode, it just periodically checks for online connectivity at regular intervals. As soon as an internet connectivity can be found, the user is informed. If they permit, it switches over to online mode. Otherwise the user continues to work offline until the application is closed and launched again.
In online mode, the sync module syncs data to & from the online database. This doesn't affect the user because they are not connected to this database. Instead they are connected to the online website and database.
It will take efforts to streamline this approach, but ultimately it is achievable easily.
This won't be just a single task. It would be a series of task working together in sync.
Your windows application does the following:
Write the offline changes to a disk file/database etc.
Periodically check the online availability of your website/ftp site.
Whenever the website is found to be available, and there are some cached changes, submit the file to the website/ftp site.
Your server does the following:
Whenever a file is recieved, check for its validity and integrity. If found correct, put it in a specific folder.
A service on your server watches the folder and as soon as any file is found there, processes the file(s)
The service moves the file to another folder (backup) after processing.