  1. Access database securely from iOS App
<p>I chose MySQL after looking between MySQL and SQLite for accessing because my iPhone app needs to pull information from an online database that is already in MySQL.</p>
<p>I believe the traditional way of accessing information would be to have a PHP file on the server that does the accessing for you.</p>
<p>The iPhone app would call this PHP file and it would return the results.</p>
<p>The iOS app will call <a href="http://somewebsite.com/index.php?id=234" rel="noreferrer">http://somewebsite.com/index.php?id=234</a> and the website would print out the username of id=234.</p>
<p><img src="https://i.stack.imgur.com/qqB0E.png" alt="What happens in the background of an iPhone app"></p>
<p><strong>Now, how secure is this process?</strong>... I would obviously use prepared statements and HTTPS. But what if someone found the URL for this website? How do I protect myself against misuse (someone could generate a list of all my users)? Is this the standard way to have your iPhone app connect and get info from a database?</p>
<hr>
<p>Edit: Furthermore, let's say I needed to create an app login page... I have a MySQL database with username and password (hashed, obviously). Would it be safe to use $_GET variables to see if they are authenticated? For example: <a href="https://somewebsite.com/checkauth.php?username=test&amp;password=C3LyiJvTCQ14Q" rel="noreferrer">https://somewebsite.com/checkauth.php?username=test&amp;password=C3LyiJvTCQ14Q</a> and have the PHP print out yes or no. Picture examples below:</p>
<p><img src="https://i.stack.imgur.com/Hz24F.png" alt="This is how the iPhone would authenticate a user"> <img src="https://i.stack.imgur.com/ywEvL.png" alt="This is how the iPhone would authenticate a user"></p>
<p><strong>I would assume the above method would not be safe to do... but I need to be enlightened.</strong></p>
<p>Also, I'd prefer to stay away from calling the database within the app using a third-party API not supported by Apple.</p>
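One way to structure the two calls the question describes, as an added example that is not part of the original post: a login that takes credentials from the POST body and returns a random session token, and a lookup that selects the record by that token instead of a client-supplied id. The table names, column names, function names and the in-memory SQLite database (standing in for MySQL so the script runs offline) are all assumptions.

```php
<?php
declare(strict_types=1);

// Constructed schema and data (assumption): in-memory SQLite stands in for the
// MySQL server so the script runs offline with `php example.php`.
function demoDatabase(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
    $db->exec('CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, user_id INTEGER, expires INTEGER)');
    $ins = $db->prepare('INSERT INTO users (id, username, pw_hash) VALUES (?, ?, ?)');
    $ins->execute([234, 'test', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Login: in the real endpoint the credentials arrive in the HTTPS POST body
// ($_POST), not in the query string, which ends up in server access logs.
function login(PDO $db, string $username, string $password): ?string {
    $q = $db->prepare('SELECT id, pw_hash FROM users WHERE username = ?');
    $q->execute([$username]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return null;                     // same answer for unknown user and bad password
    }
    $token = bin2hex(random_bytes(32));  // opaque token the app stores and sends back
    $db->prepare('INSERT INTO sessions (token_hash, user_id, expires) VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $row['id'], time() + 3600]);
    return $token;                       // only the SHA-256 of the token is stored
}

// Lookup: the record is chosen by the caller's token, never by a client-supplied
// id, so stepping through id values cannot list other users.
function currentUsername(PDO $db, string $token): ?string {
    $q = $db->prepare('SELECT u.username FROM sessions s JOIN users u ON u.id = s.user_id
                       WHERE s.token_hash = ? AND s.expires > ?');
    $q->execute([hash('sha256', $token), time()]);
    $name = $q->fetchColumn();
    return $name === false ? null : $name;
}

// Constructed demo calls: a failed login, a valid token, and an unknown token.
$db = demoDatabase();
$token = login($db, 'test', 'correct horse');
var_dump(login($db, 'test', 'wrong password'));
var_dump(currentUsername($db, $token));
var_dump(currentUsername($db, str_repeat('0', 64)));
```

In a deployed endpoint the app would send the token in a request header on each call, and the server would rate-limit the login function.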
 
