3

We are making an Android application, which needs to get data from a MongoDB database. There will be many entries in the database and there will be requests quite frequently. Should we access it directly or make a PHP script, which would access it and return the required results in JSON?

Gintas_

3 Answers

6

Should we access it directly

You definitely do not want to expose your MongoDB server(s) to the Android application directly, especially if the application will have a user role allowing write access to the database. Anyone with access to the Android app could potentially discover and extract those credentials, and if your Android app is designed to connect from a wider network this exposes your MongoDB server unnecessarily. You may also be opening your MongoDB server to possible denial-of-service attacks or rogue queries.

The MongoDB documentation has a detailed section on Security Concepts including network exposure and security. Best practice for any database deployment is to limit the range of network addresses that can connect directly. Generally direct connections should be limited to your application servers and monitoring apps, which are probably hosted within the same network infrastructure.

make a PHP script, which would access it and return required results in JSON?

Yes, a recommended approach would be to write your own interface which provides a suitable API and authentication controls. You should be able to find a PHP framework and/or libraries to minimise the amount of custom code you have to write (e.g. REST, JSON, OAuth).

The interface you implement can:

  • put some constraints on the type of queries that end users can run (only what you provide, rather than the full MongoDB API)
  • allow the application to authenticate with appropriate user privileges without having the database credentials embedded in the Android app
  • add additional user security such as token-based OAuth or Twitter/Facebook authentication
  • abstract the endpoint that the Android app connects to (your web interface) from the infrastructure detail of your MongoDB deployment
  • potentially include caching for common queries or session data
Stennie
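One way the PHP interface could constrain the queries clients can run, as the answer above recommends. This is an added example, not code from the answer or from MongoDB: the field names, the limit and `buildProductQuery` are hypothetical, and the returned pair is meant for a driver call such as `MongoDB\Collection::find($filter, $options)`.

```php
<?php
// Hypothetical allow-list (not from the original post): parameter => expected type.
const ALLOWED_FILTERS = ['category' => 'string', 'in_stock' => 'bool', 'max_price' => 'number'];
const MAX_LIMIT = 50; // upper bound on documents returned per request

/** Turn untrusted request parameters into a [filter, options] pair for find(). */
function buildProductQuery(array $params): array
{
    $limit = $params['limit'] ?? MAX_LIMIT;
    if (!is_numeric($limit)) {
        throw new InvalidArgumentException('limit must be a number');
    }
    unset($params['limit']);
    $filter = [];
    foreach ($params as $name => $value) {
        if (!array_key_exists($name, ALLOWED_FILTERS)) {
            throw new InvalidArgumentException("unsupported parameter: $name");
        }
        // PHP parses ?category[$ne]=x into an array; accepting scalars only keeps
        // client-supplied query operators out of the filter.
        if (!is_scalar($value)) {
            throw new InvalidArgumentException("$name must be a single value");
        }
        $type = ALLOWED_FILTERS[$name];
        if ($type === 'bool') {
            $value = filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
        }
        if ($value === null || ($type === 'number' && !is_numeric($value))) {
            throw new InvalidArgumentException("$name has the wrong type");
        }
        if ($type === 'number') {
            $filter['price'] = ['$lte' => (float) $value]; // operator chosen by the server
        } else {
            $filter[$name] = $type === 'bool' ? $value : (string) $value;
        }
    }
    return [$filter, ['limit' => min(MAX_LIMIT, max(1, (int) $limit)),
                      'projection' => ['_id' => 0, 'name' => 1, 'price' => 1]]];
}

// Constructed sample requests, shaped as PHP would present them in $_GET.
$samples = [['category' => 'books', 'max_price' => '20', 'limit' => '500'],
            ['category' => ['$ne' => '']]];
foreach ($samples as $request) {
    try {
        echo json_encode(buildProductQuery($request)), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```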
0

I would pick the option of creating the PHP script that will handle all the logic and data filtering, and send it back as a JSON response ready for the application.

As marked in bold, that will allow you not to worry about filtering the data on your client "Android application" side, and leave all the dirty work to be done on the server side.

Moh Sakkijha
  • @Gintas_ can you tell me how you were planning on connecting to MongoDB? – Moh Sakkijha Jan 12 '14 at 20:48
  • we would use MongoDB Java driver: http://docs.mongodb.org/ecosystem/tutorial/getting-started-with-java-driver/ – Gintas_ Jan 12 '14 at 20:52
  • @Gintas_ and where are you planning on using the driver? – Moh Sakkijha Jan 12 '14 at 20:54
  • What do you mean? In the Android application, to access MongoDB directly – Gintas_ Jan 12 '14 at 20:57
  • @Gintas_ I am not sure that you can use the driver in your Android application, refer to these SO questions about connecting to MongoDB from Android apps: http://stackoverflow.com/questions/19773462/connect-mongo-db-with-android-application http://stackoverflow.com/questions/6887887/mongodb-on-android – Moh Sakkijha Jan 12 '14 at 21:03
  • check the last post, I think it's fixed in 2.9.0: https://jira.mongodb.org/browse/JAVA-295 – Gintas_ Jan 12 '14 at 21:06
  • 1
    @Gintas_, I was reading about that. I am not sure about the performance and if it is better than creating the PHP/server side implementation and if you will have issues connecting to the database or so. Maybe connecting directly to the database sounds easier and less effort than creating the server side implementation, but from my point of view I think calling a server side service is more trustworthy. – Moh Sakkijha Jan 12 '14 at 21:12
0

There are two options

  1. Make an API service that will contain all CRUD operations so you will be able to call it from your application.

  2. You are able to access it directly via the Java MongoDB driver. Read more here on how to get started with the Java MongoDB driver.

Nick