MySql Database Design, in support of Android App - php

I am working on an Android application that will allow users to gain access to certain sets of files and then sync them with their device for offline use. Thus, when they first download my app, they will have no account or files, they will have to create an account, then enter an access code to gain access to certain file directories for download.
I have the majority of UI of the app completed, and it now needs to be 'plugged in' to a backend. I am a little familiar with PHP as I have done a few dynamic websites, so I am familiar with working with phpmyadmin, but I really want to make this backend schema well made and able to handle business.
I don't know where to start to design the relational databases and all the other factors I may have not even thought about yet. Does anyone have any good references, tutorials, anything that may help me take this next step?

If you want to learn about database modeling, these websites can give you a good start: example2, example3.
Or do you wish to learn about SQL coding?

local website connect to wordpress online

Long time reader, first time asker. If my question is silly or missing info or mistitled, lemme know and I'll fix it.
Okay, so I'm working at a community center for the next 8 weeks as a tech help assistant, I'm also a CS student.
They have a web application that is quite old, running locally on an IIS server (version 7). It's for keeping track of their members, events and registration. It's written in ASP.NET and is using an Access database. They also have a WordPress website (PHP, MySQL, Apache) for advertising events and sharing information about what's going on in the community.
What they would like is to link their WordPress to the local application. I've been racking my brain about if this is even possible or not. I'm leaning towards not possible because the local application shouldn't be outward facing, as it has sensitive data on it and was not designed to be secure in the face of would-be hackers.
The only solution that I could think of is create a "walled off" section of the computer hosting the local application. Also an outward facing port that accepts incoming data from the wordpress site that is then passed onto the access database as an update (increasing a counter for the amount of people registered to a program). It needs to be possible for a file to have some kind of global (from the web) executable permissions and have all the other files on the localhost computer locked down from this global permission.
We would also need to be able to get 2 boolean values from the local app for the wordpress site. This is for if the program/camp/whatever is full and if the update was unsuccessful in the event of something going wrong. I'm just not sure if something like that is even possible and where to start with that. The most important thing is that it's secure.
If a secure API could work I have time to create something like that.
I don't have enough time to upgrade their local system to make it safe enough to be online because I have to run tech help sessions. I know that is the most realistic option.
Thanks very much
> What they would like is to link their WordPress to the local
> application. I've been racking my brain about if this is even possible
> or not. I'm leaning towards not possible because the local application
> shouldn't be outward facing, as it has sensitive data on it and was
> not designed to be secure in the face of would-be hackers.
I think you've hit the nail on the head right there. It looks like you have a decent understanding of the situation but not of their internal app. The fact is that it's hard to scope something like this without getting in and getting details. Step 1 would be to see if you can talk to whoever it is that built the thing and get their feedback. It might be secure enough to expose some sort of connection.
Really there's not enough information here to determine a good answer, and you should be wary of anyone that says it's secure. There are a ton of factors that go into web security.
You might be able to throw together a basic RESTful API with authentication to send only to the wordpress site's IP. But if it's sharing the IP that information can be consumed by third parties so you'll have to decide if that is an okay risk.
I wouldn't try and expose everything and partition with apache. A basic RESTful API with authentication would be best at first glance IMO. That way you only show consumable data and limit what can be used.

Should I separate the web-service interface from the other parts of the system?

I'm developing a system (o rly?!), a regular system. This system may be considered normal: CRUDs are all over the place. BUT, I also need to access its data as a web service. I'm developing both the system and the web service, using Laravel 4.
I have controllers, of course, for all the CRUDs on the system so a user is able to put information in the database. Pretty simple stuff... so far!
As I said: I need to consume data in a web-service format. I need to make requests and record data to the server through a JSON string and REST verbs. That being said, here comes the question:
Should I create a whole new project to access the data as a web service and separate it from the original project (CRUDs), or is this just a stupid idea of mine?
I think this might help on the security and on the cohesion on both projects.
Any answer is welcome and thanks in advance! =D
If you are a coder who can easily organise an additional layer into your current app, to create the web-service layer, then do it.
If (like me, and probably most others) you'll just get swamped in a mess of files and folders, and end up changing code which impacts your already existing app - stay well clear! Write a new web-service app!
Separate the concerns, and sleep happy at night that both animals are caged up separately so they can't kill each other.
Although...you are using laravel. So you can actually create separation quite nicely in one app by using packages (were called bundles in L3). You still might run into the risk that you mess up some code of your current app, but if you are strict with yourself, you should be ok.
One question I'd ask yourself is why not just have the app ONLY be a web service, and create clients that meet any needs you want? It does seem odd to have an app being used as a web server and also as a web service. You may run into all sorts of performance problems if you try to do both in the same app.
UPDATE:
For a definitive answer on if you are doing this the right way: I say no, you aren't doing it the right way. Create a web service from your app, and ONLY allow it to be a web service. Then create client apps (web service consumers) to meet any needs you have for displaying the data.

Adding Active Directory to a web site

I've been working on a site (for my company) to allow selected data center users to remotely access a scheduling calendar and some pages offering information on the various servers they are coming to the site to access--on a separate site. Initially, I was under the impression that I'd be creating a database and registration page to add, authorize or track end users. My initial project coding has been a combination of HTML, PHP, CSS, and MySQL and Apache for the database side. Now I've been told that we will be using AD, tied into our company's official Active Directory, so that users can use the same IDs and passwords that they've already had approved by our company.
My question is (hopefully) simple. Is there a certain web programming language that I should use in creating the pages that works better with Active Directory than others?
If you are comfortable with PHP, you should be able to achieve the above no problem!
The beauty of PHP is that someone somewhere along the line had the same problem as you so chances are, there's an established solution already.
adLdap seems to be a good solution, a library that already does most of the hard work for you and all you'd need to do would be integrate it into your script!
See: http://adldap.sourceforge.net/wiki/doku.php?id=documentation_user_functions
Hopefully this can make it a little easier for you so you can concentrate on the other things like the actual functionality of the website itself.

How unsafe is it actually to access MySQL directly from an App?

I am developing a small application that is going to serve as a viewer (sort of a dashboard) for a web application that uses MySQL as its back-end database. The application will only be doing SELECTs, no INSERTs or UPDATEs or anything that changes the data. I know that the preferred way to architect this application would be to create a web service that has access to the database and then have the client app call the web service. This way you can really secure your MySQL database, allowing only localhost access.
On the other hand, having a web service raises the complexity and resources needed for the application a lot. I not only have to write the process twice, I have to write two sets of test suites plus integration tests, and since the client is written in .net c# and the back end in php I have to develop some kind of interchange format and keep switching between two languages and IDEs throughout the development process.
I am probably going to write the service, but what I wanted to know is what the experience out there has been. Am I crazy just to consider accessing MySQL directly from a client, or have the fine engineers at Oracle done a decent job securing their database, at least for users with only read rights?
If you use direct access to your MySQL database just to select from tables, you will need users that only have the right access permissions to ensure access security.
But you need to keep in mind that if you open the database port for external access, any security failure in your database will be exposed.
If you need other rules, for example a specific select that only selects the group access of a user, you will need to write procedures in your database that read params, and keep in mind that if some user exploits your application, he will be able to pass other params for querying your database.
Not only Oracle or MySQL, all databases have a lot of security options for giving external access, but using them for complex applications is even more difficult than making a service layer to ensure secure access.
And you don't have encrypted communication in direct SQL querying by default.
Just make sure the user it accesses the database from doesn't have permission to do anything it doesn't need to do, such as drop tables.
A user with read-only rights should do the trick.
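The advice in the answers above (a read-only account, a stored procedure for per-group queries, and encrypted connections, which are not the default) written out as MySQL statements. This is an added example, not code from any of the posters; the schema, table, account, host address and procedure names are placeholders.

```sql
-- All names below (appdb, orders, dashboard_ro, 203.0.113.10) are placeholders.

-- Expose only the columns the dashboard needs through a view.
-- Views default to SQL SECURITY DEFINER, so the reader account
-- needs no privilege on the base table itself.
CREATE VIEW appdb.v_dashboard_orders AS
SELECT id, status, total, created_at
FROM appdb.orders;

-- Account usable only from the dashboard's address and only over TLS;
-- a connection attempt without TLS is rejected by the server.
CREATE USER 'dashboard_ro'@'203.0.113.10'
  IDENTIFIED BY 'replace-with-a-long-random-password'
  REQUIRE SSL
  WITH MAX_USER_CONNECTIONS 5;

-- SELECT on the view only: no base tables, no writes, no DDL.
GRANT SELECT ON appdb.v_dashboard_orders TO 'dashboard_ro'@'203.0.113.10';

-- Per-group access through a procedure instead of a table grant.
-- DELIMITER is a mysql command-line client directive, not server SQL.
DELIMITER //
CREATE PROCEDURE appdb.orders_for_group(IN p_group_id INT)
  READS SQL DATA
  SQL SECURITY DEFINER
BEGIN
  -- The caller chooses p_group_id, so a compromised client can ask for
  -- any group: this limits columns and statements, not which rows.
  SELECT id, status, total, created_at
  FROM appdb.orders
  WHERE group_id = p_group_id;
END//
DELIMITER ;

GRANT EXECUTE ON PROCEDURE appdb.orders_for_group
  TO 'dashboard_ro'@'203.0.113.10';

-- Review what the account can actually do.
SHOW GRANTS FOR 'dashboard_ro'@'203.0.113.10';
```

The client still holds the account password, so anyone who extracts it from the app can run the same queries from the allowed address; that residual exposure is what the service layer in the question removes.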

just a bit of strategy

I need some guidance around how to develop the app I'm working on.
It's basically a backend system to manage photos and slideshows (eg arrange photos in albums, decide which ones to publish, update names and captions etc)
I would like to avoid giving the source code to clients but would like to keep the actual photos and thumbnails on the client's server.
I'm not sure what would be the best way to achieve this. In my mind the steps are:
a) client uploads a photo to MY site
b) photo is registered into my DB
c) the original photo is moved to client's server
d) thumbnails are generated and saved on client's server
then the public site:
e) install the public website on my client's server;
f) when a user is browsing the client's website, the script gets the list of images to show from my database, and gets them from the local server.
(hope I made myself clear)
basically the question is: what's the best way to give the client minimal/no access to the source code?
I agree with benjy, however, you can get away with using an API to manage the system-specific calls, and just have an upload handler on the client's box that communicates back to your API, so they still have some code, it is minimal, and the code requires an API call to function. That way you reduce the DB need, and reduce the resources required to manage the client's code.
API is used to authenticate / manage communication while the upload / manage scripts handle the upload/image handling.
IMO, this seems a little unnecessary. What exactly is your concern about having the source code rest on a client's server? All you need is a signed license agreement between you and the client preventing them from doing anything with it.
Or, if you really don't trust them, just sell it as hosted software. No point in the above procedure, which is rather convoluted (no offense), when you can just have everything on one server.
Just my $.02.
You can obfuscate the code with a commercial tool like IonCube, or you can develop your application and license it using a SaaS model, and provide an API for the client software to use.
Zend Guard, SourceGuardian, IonCube, and similar are other viable options if you cannot keep it local but want to make it difficult to find out what the "source" is.