I'm currently building out an application that stores user data in a database. Part of the specifications of the application dictates that the user should be able to access their data from anywhere, this includes phone based apps that I'm planning to write with HTML5 and port using one of the various HTML to app converters.
My issue here, is that since the data needs to be access from several devices, I'll need some sort of central database to store the information. I have no problem writing code to query the database, but the issue of how to handle it on the phone side is giving me a little trouble.
I've read before that it's unwise to embedded the database login credentials in each app, and this makes sense. However, then I'm not sure how I would need to go about adding the ability to connect to the databases.
I'm thinking about adding in some sort of database connection layer to my application. I'm thinking of having some sort of key added to the app itself, which is required by the database to connect. That way, the login credentials are only stored in one place, and on my server.
There are still some concerns with this approach in my mind.
Is this going to be a large performance issue; having to connect first to a script before querying the database and then having it perform some sort of check to send the data back to the user?
Is this really necessary and any more secure? How bad of an idea is to to directly code the database login into the app itself, and how much risk of any potential problems does this actually migrate?
When it comes down to it, I don't have much experience with this type of application, and I'm wondering if my idea is good enough to work, or if there is any other ways that are clearly better that I should look into.
Related
I am a newbie to the web application. I just understood what is an api and why it is used by reading some online blog. But I was wondering why to use an api to fetch data(or insert data) when you can directly fetch data from database using PHP and mysql.(I am sorry if this question sounds stupid.) An answer with example would be great. Thanks
API are used to make communications more secure. With an API you can add encryption, different users and roles and a lot more. With MySQL you can not do that on the same level.
Future more, MySQL is a service, and if you work directly with it, it has to be open on a Port. Here you can not add not as well protection as you can on a Webserver.
An API can also add some logic. Maybe you want to control the input given by a request to it. Or maybe you want to have some additional calculations going on, before you make any INSERT or UPDATE to the database. This can help you to have your database clean.
If the System where the database and the API is located at, decides to change the database from lets say MySQL to PostgreSQL or anything else, every service connecting to it will have to change its code to make it work with the new environment.
So, an API can be more secure and has some standard everyone can rely on, even if the APIs background changes.
I know this subject has been discussed among many in SO but I have a specific issue that I would like to get your opinions on.
I apologize in advance since this is exactly not a coding issue.
I am a self learnt developer and I do not have CS degree exposure or any sort. Majority of everything I know is learnt through the web.
I am planning on developing a multi tenant app which uses angular for front end, laravel for backend/api connecting and mysql to store data.
I plan on assigning a unique key for each tenant identified by 2 or 3 letters (to be decided later) which the user will have to type upon login to identify the tenant. Let's call it the tenantId.
Also, I am contemplating of using a subdomain and getting the subdomain as the tenant id for seperation. Lets assume for this scenario that I have the tenantId with me.
Also, laravel will have 2 connections defined. Lets say tenantconnection(to hold individual tenant db credentials) and masterconnection.
Masterconnection holds db credentials for a database that holds the tenantkey, db username, db password, db name, mysql server address in one of it's tables.
Upon getting the db credentials from mastertenant, laravel will update the tenantconnection initialised in the database.php file in the config folder.
So every API call, laravel will have to connect to master get credentials for tenantconnection and then call the db.
In your opinion/experience how practical/applicable is this?
Can this pose any latency even if the db server and app server is within the same datacenter?
Is this method of connecting an accepted method of connecting in a multi tenant environment?
Also, on every API call to laravel i plan on sending the tenantid through JWT. I am not really comfortable of saving tenantid on localstorage.
Can localstorage be manipulate by using any tools such as firebug or something similar of that nature?
I thought of using sharing the db and using schemas in the same db,but the app is designed to hold financial data so I thought that separating them would be the best. I have researched the pros and cons and decided that using a seperate db for each tenant is the best.
Your feedback is greatly appreciated.
Sorry if posted on the wrong stack site.
Sorry about the long read time.
Most of your questions are opinion-based, which makes it kind of off-topic. I would just add a comment, but it wouldn't fit.
Can this pose any latency even if the db server and app server is within the same datacenter?
I don't think a 10~20ms delay will impose any problems. Make sure you understand the basic of MySQL indexes because if someday you face database problems it is important to not automatically assume it's the tenancy fault. It's usually bad indexes.
Is this method of connecting an accepted method of connecting in a multi tenant environment?
I think so, I'm using it like this. The only difference is that my application is not Web App + API. I use blade.
Also, on every API call to laravel i plan on sending the tenantid through JWT. I am not really comfortable of saving tenantid on localstorage.
I don't know your project specs. If each user can have access to more than 1 tenant, then yes, this seem to be a good approach. If each user BelongsTo a
unique tenant, then why bother with tenant-id at all? Just take the tenant from the user authenticated by the token.
Can localstorage be manipulate by using any tools such as firebug or something similar of that nature?
How to view or edit localStorage
Specifically, I am working with PHP and data on a Web application.
As far as I can tell, the main reasons to access user data are:
For logging in
For communication, including shipping products
It seems to me that the sort of data most likely to be of interested to hackers is user data, so it deserves extra protection.
Here is a possible technique. I normally use PDO for database work, so the following should apply to any supported database.
Create a database users with a single table of users.
Create a user restricted to the database
Create the PDO object accordingly
From the main login script, call an included script which authenticates the user.
For added security, this script may be outside of the web root?
Do the normal stuff using session variables. In particular store the relevant retrieved user info.
Go ahead with the rest of the data from the main database
I don’t think all hosted servers make it easy to store anything outside of the web root.
My wild guess is that the user database is less likely to be compromised if it’s not part of the data most frequently accessed.
I also imagine that separating the user data from the password into separate tables is also a good idea, but I’ll put that into another question.
I’m not suggesting it’s a perfect solution, but I am looking for better protection. The question is: would a technique such as this provide more security than keeping the user details in the main database?
You could write an authentication & authorisation service altogether. Look at OAuth. You authenticates with a username and password to this service and the auth server can generate tokens which enables access to your service.
https://en.wikipedia.org/wiki/OAuth
Yes, actually that is not a bad idea, but I would do this differently:
Create database, user account to it and user data tables necessary.
Create a different webhost(eg userapi.myhost), which could be even a local host. The new webhost should have its own web root in a complete different location from your main app.
Create an API to get/change user data with a script(or use a framework) in the new host.
Auth protect http requests to your API and restrict access to specific IP(even your local ip if the api is on the same server).
Your main app uses the new API to access/change user data.
So, eg a user tries to login to the main app with user-password -> main app sends his login to the api -> if correct, get the info.
This can secure against sql injections, since your main app can have a lot of libraries and services that do a lot of different queries to your database and maybe some of them have security holes.
I would suggest:
Keep the user API simple and tested.
Keep the user admin on the secondary app(additionally password protect and restrict access to it to your ip).
Unfortunately, this does not secure you completely. There is a case where a hacker might place his own scripts or change your code, "see" the login details and access user data through your main app. Well, there are a lot of other ways, and a lot of different solutions. (apache openbase_dir restriction, remove write permissions for "apache" user to your code, remove execution handlers from directories "apache" user can write, eg images, etc)
Since you are looking for a better protection, I would sure suggest to go for it, if you do not mind to invest a little more work and time to it.
I'm new to Android programming and I'm trying to create an app which needs a persistent remote database. Now, coming from Java and local databases, I've always connected application and database directly, without an intermediary.
I'm not seeing the point of this workaround, can someone please make this clear? I've tried searching on Google, but it seems everybody assumes this as a principles (or maybe I need to look for better keywords).
The most important argument that I can think of right now is SECURITY/QUERY VERIFICATION.
You most likely want to use an online database (perhaps MySQL) because you want to store shared information between ALL users of your application in it. The major difference between a local and an online database is that many many users have access to it - both writing and reading access.
So imagine you have your android application and now want to save some user generated data from it in your online database. Assume there is no PHP intermediary: The app directly sends the finished MySQL request to the database.
But what happens if someone looks into the source code of your app or uses any other way to manipulate that request? Let's say he changes a query from
SELECT * FROM user WHERE ID=9434896
to
SELECT * FROM user
Exactly - he gets all information from your user data table, including sensitive data such as passwords or E-Mail Addresses.
What evaluates these queries and prevents them from happening?
Your app surely doesn't, because the user can easily manipulate/change the app.Your MySQL database doesn't check them either, because it always assumes that the query is what the developer actually wanted. As long as the syntax is correct, it will execute it.
And that's what you need the PHP intermediary for:
You send values to a PHP file (e.g. check_login.php receives the values 267432(userid) and hie8774h7dch37 (password)), the PHP file then checks if these values are actually a userid (e.g. "Are they numeric values only?") and then builds a MySQL query out of it.
This way the user has no way to manipulate the query as he wishes. (He can still send wrong values; but depending on the situation it is also possible for a PHP script to check if the values are legit or not)
Perhaps this will give you some context. I built a game on Android and iPhone, and I wanted high scores stored in a remote database.
Security is the main reason you would do this. You should always do data validation on the server side, not client side. By doing it this way, my php script can validate input before making changes on the database. In addition, it is not safe to store database credentials in your apk file. This opens up a range of security vulnerabilities. Safer to keep this on the server side.
Secondly, by utilizing a single PHP script, I only need to debug/manage code that validates data and interacts with my database in 1 place... the php file. This saves me plenty of time rather than updating all of the queries and validating criteria in both the iPhone and Android instances.
I am sure there are other benefits to this approach, but these are the reasons why I do it this way.
It's an abstraction layer. You don't want to code your app to MySQL and then discover your backend is moving to MS-SQL. Also, you control how you present information to the user. If they have access, they can read everything. If you have an abstraction layer, then they can only get information by going through the proper channels.
I am designing a web application that is heavy reliant on database tables/records and have already designed the login system. As it stands, the login system creates an element in the session to verify that the user is logged on. This works fine.
However, as I've been coding my application--I have found a constant need to check that my users are authorized to perform certain actions.
For example--I have a feature which allows users to edit their profile at www.mywebsite/account/edit/1 -> 1 being the Id. In terms of future scalability, is it practical to perform a database query to check that the current logged in user has access to edit their information after arriving at that URL?
My concern, of course, is that someone would just put in a random Id to edit another account.
I have also thought about creating a form between every transition to post this data, yet that comes with a load of limitations itself.
I was wondering if anyone had hit the same problems and found an overall solution to this problem?
This is a concern that everyone addresses at some point or another. The way I see it, you're really asking a couple of questions:
How do I make sure a user is authorized to access something? and
Is checking the database every single time really the best way to do it?
With respect to the first question: the approach you're taking is probably the only realistic one. It boils down to this: whenever a user needs to do something, your application needs to check something to see if they're allowed to do it. What is that something? It's called an Access Control List (ACL).
You could hard code the ACL in your application, but that's a really bad idea. So that means you have to store the details of an ACL somewhere. And when we start talking about storing something in our applications, the obvious answer is (almost) always in the database.
Which leads to the second question... a quick check of the database to see if a user has access is generally not going to be a huge bottleneck, provided your database design is sensible. You're going to be doing something like SELECT key FROM acl WHERE key='something' AND user_id='current user ID'; and checking to make sure you get at least one result. It's going to add a little overhead to your application, but what's the alternative? Some sort of hard coded ACL? Loading the full ACL for your application and searching it for the key and user ID in your PHP code?
If you're really concerned about the overhead involved with your ACL stored in MySQL, you could look at some of the other databases like MongoDB or CouchDB which should be faster for simple key/value pair lookups (note that I've looked at both MongoDB & CouchDB, but not used either in applications), but I think you'll find that, for most applications, doing it in MySQL should work just fine.