I'm trying to make a web chat app for a mincraft server useing this api. The demo script for what I want to do shows the conection info, in plain text, witch will be easyly visible from any clients computer. Is there any way I can store this securely while still having the same functionality? Preferably retrieved from mySQL with php.
setup a proxy that adds the sensitive connection details to the request.
There is no way that i am aware of to do what you are asking in javascript.
Some tutorials about JSON cross-origin proxies may help you as they are similar to your problem.
Related
I'm new to Android. I'm developing and Android app which contains some database calls. I'm sending DB_USERNAME, DB_PASSWORD as parameters in POST request to PHP and then get MYSQL Database connection using PHP.
Is it good to pass Database User Name and Password as Parameters ?
or
Should we give Database User Name and Password in PHP ?
Thanks in advance.
By asking this kind of question i highly recommend you to first read into the basics of web-security!! :)
Sending credential´s over the web to your server for it to access a database is an absolut no-go.
Your webserver stores the credential´s in a seperate file which is not accessible through the web. You can do that by having the credential-file outside of the document-root of your webserver.
Furthermore: Your DB-Server should only accept communication from trusted IP`s. If youre web-app instance and DB-instance are on the same server, only accept from localhost.
You probably want to authenticate youre app-clients for limiting the accessibility of your database calls. Commonly you send the clients credentials once, which the server validates and responds with an auth-token. For any further communication the token is used, which invalidates after defined period of time. (Token-Based Authentication)
The idea is to minimize the exposed time frame of the credential`s. Even if you use SSL encryption for.
Best of luck
Hannes
I need to connect my mobile app to a database so it can send information from the app to the database.
I have looked at a ton of tutorials but they seem to irrelevant to my situation or write the entire application in XML. Can I connect it through script tags in the app or do I need to connect to via PHP and if I do where do I place that file in the application?
It is not clear to me if it is a local database on your phone or not.
If it is a local database on your phone I would use android's api.
If it is not, the best option is to write a SOAP or Rest service which need to run on a server. Personally I would go for a REST service, because it is less complicated. Although if there is sensitive data it might be better to use a SOAP service. You might take a look at this.
For calling your Rest services you could use a httpwebrequest. I belief this is an good example.
Write ur database related code in php and from your app send the post or get parametized url so it can be stored to ur phpmyadmin db
I'm starting a new application that will have a server side PHP and client in Android another (at the moment, and then also probably iphone). The application will only be used from mobile customer applications ie not to be used by web. My question is what would be the best way to login to this mode of operation?
thank you very much
It sounds to me as if the server side will be some sort of API that opens up access to a users data. The easiest method would be sending along a stored username and password with each request. This would only work if the connection your using is secure (https) which brings in the hassle of obtaining an ssl certificate.
Another option would be using OAuth, though your use case seems a little bit different than the standard OAuth use-case. OAuth is a protocol that uses a token based system to establish a users permission to access certain data from an application by another application. In your case you would be in control of both the first and the second application (hence my remark on being different than the standard use-case) Read here for more info.
I think it will be more easier if you use a webservice to make this connection between android and php server
this Presentation may help you ..
you are gonna deal with SOAP and xml or JSON to send data from android to php server.
and this a Video that shows how to deal with REST android Apps.
hope that help.
I think building an API on the server-side would be the best approach. For example a simple REST endpoint might be the way to go.
You can also host the API over HTTPS so that the communications channel is secure.
you need to create PHP web service for that. and while accessing you can pass security key like IMEI of phone for log. I think it can be secured mode for login from Android Phone.
Best practice these days is to set up a simple JSON web service, and use the built in Android HTTP & JSON libraries to interact with this service.
Create a login page in android, take the values from the fields send those values to server using httppost there store in your database and send response from the server
i think you first make a login form on Php server and send it the login and password as soon as user types and php returns the JSON object then read it if login is accepted by server login to application.
another way is when user don't have the net access make some Content providers on android and store the user pass there and match from there locally.
we need to send an http post from an iphone device to our server with some info which the device token (APNS) which we want to store. How on the server do you read the HTTP post and store what is in it? We just have a standard ISP hosted server which currently just has a website.
Thanks
There are many ways you could do this. You probably want to store the values in a database. Your hosting account probably has databases. Find out what database software is installed. The chances of it being MySQL http://www.mysql.com/ are high.
Depending on what you want to do with the data, a simple PHP http://php.net/index.php script that accepts POST data, parses and checks it would be fine. However, be careful. You should do some kind of authentication prior to inserting the data into the database. Or maybe the value you are sending to the server is already encrypted and you can verify it that way.
You could also use Perl, Python, Ruby, etc. It depends on what your host supports.
I'm creating a website using PHP and MySQL, and I'm trying to add some Silverlight stuff to the site. I need the users to be able to do stuff in the Silverlight app, and for that data to be saved in the MySQL database. I'm wondering about how I could do this...
Can I get the client side Silverlight app to log in to the server side MySQL database? Would this be a security risk? And if it's possible, how would I do it?
Or is there a better way anyone can think of? And any ideas how I'd implement it?
Thanks everyone! :)
No you should not have the app interact with your MySQL database directly. In this type of situation you will need to implement some form of web service, which exposes your data to the client. The Silverlight client code will then send requests to the web service, which runs on the server and has access to the database. Using a Microsoft technology on the server will make this a lot easier, because the IDE will do a lot of the wiring up for you, but I'm sure it could be done with PHP as well.
I would look into how to create a PHP, REST or SOAP based webservice and go from there.
Here is a video explaining how to consume the service, once you have that sorted out on the server.
http://silverlight.net/learn/videos/silverlight-videos/http-communication/