适当的体系结构，用于连接到数据库的iOS？ [英] Proper architecture for iOS connecting to database?

问题描述

我是一个web开发谁正在为创建移动（的iOS / Android的）应用程序。

因此​​，我想要了解的是我应该如何架构的移动应用程序访问存储在中央服务器上（后/更新/删除）数据。

为了便于说明，让我们说我创建一个移动配方应用（名为MyRecipeApp）。有些食谱我想与MyRecipeApp其他配方用户共享，以及一些食谱我要保密自己。

为了分享菜谱，所有的配方（包括私人和共享）存储在一个集中（服务器），数据库和MyRecipeApp访问该数据库来获取这些信息。

因此​​，我有几个问题：

1. 通过MyRecipeApp，我该如何访问数据库？使我的数据库公开访问到MyRecipeApp可以与数据库？如果是这样，这似乎是不安全的。

2. 我硬code SQL到MyRecipeApp（如SELECT * FROM食谱WHERE USER =约翰·史密斯）来访问数据库获取的食谱？如果是这样，这似乎不安全在这个意义上，有人可能只是破解我的手机应用程序，并更改SQL来获取任何信息。

3. 你发送的用户名/密码，每次读取到数据库？如果是这样，你怎么加密数据库和MyRecipeApp之间的流量。

4. 还有什么是我没有想到在我应该如何架构一个移动应用程序？

解决方案

1. 连接通过API（也许是宁静的HTTP API）。
2. 请不要硬code SQL。相反，使API调用，传递参数。
3. 是，发送验证信息的每个请求，并使用HTTPS，或者只发送用户名和密码的第一个请求，并得到一个会话令牌和使用，在后续的请求，但仍使用HTTPS。
4. 在考虑以JSON格式发送和接收数据。

I'm a web developer who is moving into creating mobile (iOS/Android) applications.

As such, what I'm trying to understand is how should I architect the mobile application to access (post/update/delete) data stored on a central server.

For illustration purposes, let's say I am creating a mobile Recipe application (named "MyRecipeApp"). Some recipes I want to share with other recipe users of MyRecipeApp, and some recipes I want to keep private to myself.

In order to share recipes, all recipes (both private and sharable) are stored on a centralized (server) database and the MyRecipeApp accesses that database to fetch that information.

As such, I have a few questions:

1. With MyRecipeApp, how do I access the database? Do I make my database publicly accessible to that MyRecipeApp can talk to the database? If so, that seems insecure.

2. Do I hard-code SQL into MyRecipeApp (e.g. SELECT * FROM RECIPES WHERE USER = "John Smith") to access the database to fetch recipes? If so, that seems insecure in the sense that someone could just hack my mobile app and change the SQL to fetch any information.

3. Do you send the users username/password with each fetch to the database? If so, how are you encrypting the traffic between the database and MyRecipeApp.

4. What else am I not thinking about in how I should be architecting a mobile application?

解决方案

1. Connect through an API (perhaps restful HTTP API).
2. Don't hard code SQL. Instead, make API calls, passing parameters.
3. Yes, send authentication information with every request and use HTTPS, or send username and password on first request only and get a session token and use that on subsequent requests, but still use HTTPS.
4. Consider sending and receiving data in JSON format.

这篇关于适当的体系结构，用于连接到数据库的iOS？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！