currently I am writing a Windows 8 App with Sqlite as a database. I want to give the user the ability to view his data in every instance of the app on any device. Usually this problem could be easily solved by using a online database like Windows Azure. But this is not an option in my case.
Is it a good idea to use Microsoft's free service "Skydrive" as a platform to synchronize database files among several devices? Does somebody know any open source projects or blogs that are dealing with this problem that could save me some time for writing the necessary code?
If it's a bad idea, which other options are there that I could use. I want to keep Sqlite as the database for my App.
I am glad to get any kind of feedback or links to resources that might help me.
Best regards
Philipp
imo it isn't a good idea cause the access to db files is to easy. Ofc you can say that access to database files is easy cause you need to just know the app data path to package of your app but still it`s much more difficult than just opening skydrive. And think what would happen if someone would make this directory on skydrive as public.
I would combine local db and online db. Online db as a service for synchronizing data and local db for normal work.
Related
I have an electron app which persists data in an SQLite db stored in my machine. I have all the setup for the CRUD operation and the application works fine. Now I need to encrypt the SQLite DB file. I searched online for solution but all the solution are for pre-encrypted DB which is being decrypted inside Electron.
The requirement is, user will provide the password using which the app will encrypt the DB file and going forward user will provide the password to decrypt and perform the CRUD operation
Any idea how to achieve this?
P.S.: I have checked with SQLCipher docs and I don't find what I needed. So far, I am using sqlite3 node module to perform CRUD
Edit 1: I tried to use sqlite-cipher module and I was able to encrypt the db in a separate js file. but when I integrate the same with the electron ipcMain, the app closes due to high RAM consumption.
Any suggestions???
If you're using SQLite the best option is use SQLCipher. The problem is that you will have to compile new binaries to work and there are some limitations with the versions of SQLite and SQLcipher for node.
You can use this package: https://github.com/journeyapps/node-sqlcipher
or compiling manually, here you have an example https://gist.github.com/aguynamedben/14253e34bc7e0a881d99c8e45eb45a47
Encryption in electron app is a tricky thing.
This is because it can give you false sense of security.
You might encrypt your local db, but with electron it's so easy to decrypt it back that perhaps it's not worth it at all?
It's very easy to get sources of your electron app. Minification helps only a little bit, but this is not real protection.
There are many approaches you can take but they vary on circumstances.
The questions which needs to be answered are:
who are you trying to protect against?
is security critical or this is only basic measures so not everyone can get data from db at first
glance?
does the user using the app have admin user rights on the
machine?
are you accessing db directly through electron app, or some
kind of system wide service (deamon) is communicating with db and
passing results to electron app.
if previous is "yes" how do you communicate the
service with the electron app and how is this secured?
Take a look at source code access discussion:
https://github.com/electron/electron/issues/3041
and also check this article (especially the security part):
https://hackernoon.com/electron-the-bad-parts-2b710c491547
I was thinking of making an app which plays a specific set of small audio files stored away in a firebase database, or any other database on the cloud.
The number of files may exceed hundreds, so wrapping all the files in the app might not be the best of ideas.
I'd really like to know how to go about this problem.
Downloading only the required file from firebase when it's clicked and playing as its being downloaded all the while caching it for future playback seems plausible, but I'm not quite sure how to implement it.
I'd appreciate a few pointers towards this, thanks
Yes. You are thinking in the right direction.
You might use these things.
App UI - Ionic2 will provide you a very nice and easy to implement platform to create a UI. Please refer this documentation for the basics and details about using Ionic2.
Local Storage - You can use this to store downloaded files. In any app where data is relatively large, using local storage is the smart choice. This helps you reducing the size of the initial app to be installed and download the content as and when needed.
A well defined database - Now, whether to use non-structured (No-SQL) or structured (SQL) is the first choice you have to make.
If it's just content - audio files download and play with no complex cross querying the database, then you can choose to use non-structured (No-SQL) database like Firebase database.
But, if you have good requirements for structuring data, query it with constraints like "Give me all the audio files list where a particular user has played it in last 10 days" or "Give me all the users who has played/downloaded a particular audio file more than 10 times" and so on, then you better use structured (SQL) database like PostgreSQL.
RxJS - Now, this might not be very important to do, but, if you use this from the start, it's a good choice. Advantages are, e.g. you might not have to wait for all the file to get downloaded before playing it. Use Observables and Promises for such a mechanism.
Could help with the specifics when needed. Hope this helps. :)
I have a classic ASP front end which serves to collaboratively enter data into a sqlite database, meant to be used later in an android app. I need to deploy this ASP webapp onto an online server with sqlite odbc installed, because the only other option I know is to use my own computer as a server, and I don't think it would be a good idea to keep my fairly modest PC always on for 3 months or so.
The problem is, I can't find any server (preferably free) fitting these requirements.
Any ideas?
For example, is it possible to host just the sqlite file somewhere, and have the asp script (which I will then install on all the users' machines) access it remotely? I've looked around, and I've found a solution (for MS Access), but it involves changing user permissions on the server machine, which I won't be able to do.
Ok, I came up with a good solution:
I imported my database into MS Access (from Access -> external data -> ODBC database -> follow the steps to choose your database). It works well with my ASP front-end after a few minor modifications.
I can now use any ASP hosting service as they all support MS Access.
When I'm done, I can convert it back to sqlite using this excellent program (SQLite2009Pro - it's actually free despite what the name may imply). I've tested the converted database with my android app and it works flawlessly.
Hope this helps anyone who's still stuck using ASP like me.
I'm beginner in eclipse and android apps. what can I do for security of database? prevent hack or steel my database of my app. And where is database of apps in mobiles with android OS?
You can't. It is pretty trivial to get it, no matter what you do. If you want to keep your data safer, you can drop the local database, and make a web service where you get your data from. Then you will have to make some restrictions, so people will not rip your data fast. This is known as anti-farming and you can see more at https://www.owasp.org/index.php/REST_Security_Cheat_Sheet#Anti-farming
But this will only slow people down, and as the article says, large resource adversaries will still be able to get whatever they want.
What to do: don't focus on it, build a awesome app, so no other will reach your user level/profit.
Take a look at https://www.zetetic.net/sqlcipher/sqlcipher-for-android/. It is possible to create a encrypted database with that library. You should only think about where to place the key of it. One possible solution is that user has to enter the password via login dialog for example.
The database and app specific data is located at /android /data/package of your app folder.
Ok, so here's the thing.
I'm developing an existing (it started being an ASP classic app, so you can imagine :P) web application under ASP.NET 4.0 and SQLServer 2005. We are 4 developers using local instances of SQL Server 2005 Express, having the source-code and the Visual Studio database project
This webapp has several "universes" (that's how we call it). Every universe has its own database (currently on the same server) but they all share the same schema (tables, sprocs, etc) and the same source/site code.
So manually deploying is really annoying, because I have to deploy the source code and then run the sql scripts manually on each database. I know that manual deploying can cause problems, so I'm looking for a way of automating it.
We've recently created a Visual Studio Database Project to manage the schema and generate the diff-schema scripts with different targets.
I don't have idea how to put the pieces together
I would like to:
Have a way to make a "sync" deploy to a target server (thanksfully I have full RDC access to the servers so I can install things if required). With "sync" deploy I mean that I don't want to fully deploy the whole application, because it has lots of files and I just want to deploy those new or changed.
Generate diff-sql update scripts for every database target and combine it to just 1 script. For this I should have some list of the databases names somewhere.
Copy the site files and executing the generated sql script in an easy and automated way.
I've read about MSBuild, MS WebDeploy, NAnt, etc. But I don't really know where to start and I really want to get rid of this manual deploy.
If there is a better and easier way of doing it than what I enumerated, I'll be pleased to read your option.
I know this is not a very specific question but I've googled a lot about it and it seems I cannot figure out how to do it. I've never used any automation tool to deploy.
Any help will be really appreciated,
Thank you all,
Regards
Have you heard of the term Multi-Tenancy? It might be worth look that up to see if that applied to your "Multiverse" especially if one universe is never accessed by another...
See:
http://en.wikipedia.org/wiki/Multitenancy
http://msdn.microsoft.com/en-us/library/aa479086.aspx
UPDATE:
If the application and database is the same for each client (or Tenant) I believe there are applications that may help in providing the same code/db as an SaaS application? ie another application/configuration layer on top that can handle the deployments etc?
I think these are called Platform as a Service (PaaS) applications:
see: http://en.wikipedia.org/wiki/Platform_as_a_service
Multi-Tenancy in your case may be possible, depending on client security requirements, with a bit of work (or a lot of work):
Option 1:
You could use the one instance of the application, ie deploy the site once and connect to a different database for each client. You would need to differentiate each client by URL to isolate content/data byt setting a connection string for each etc. (This would reduce your site deployments to one deployment)
Option 2:
You could create both a single instance of the application and use a single database. You would need to add a "TenantID" to each table and adjust all your code to accept a TenantID to ensure data security/isolation. Again you wold need to detect/differentiate the Tenant based on the URL to set the TenantID for the session used for every database call. (This would reduce your site and database deployment to one of each)