
My application requires inserting data from the device into a SQL table. I have read that connecting directly to a database from an Android device via something like JDBC is usually a poor idea since if a user really wanted to, they could retrieve credentials from the APK, and in addition to this, the performance can be very slow at longer distances.

However, in my scenario no credentials are embedded in the APK; instead users will enter database & login details once a connection is required. Additionally, the only databases users will be connecting to reside on the same network the devices are connected to.

With this in mind, is it okay to implement a direct connection to the db or are there other security/performance issues I am unaware of?

Michael
  • This answer sums up my feelings on the matter: https://stackoverflow.com/a/26471486/469080 – Michael Dodd Jun 15 '18 at 14:12
  • @MichaelDodd I have looked at that answer before, which is actually what prompted this question. The 2 main points there are decompiling & distance from the db; in my scenario neither is a concern (stated above), which is why I am curious as to whether there are more issues that may arise when dealing with a direct connection, or if it would be safe to use. – Michael Jun 15 '18 at 14:19
  • If you're working in a network environment that'll be similar to that of a desktop, and don't plan on releasing your app to the public at large, then those downsides are somewhat mitigated. You'll need to account for network drops from any wireless network connection, mind. – Michael Dodd Jun 15 '18 at 14:21
  • Ah okay I see. The main use case for this application would be as follows: User scans barcodes -> Data retrieved using url embedded in codes -> If a connection is available & user has entered db details, insert data into SQL. The SQL database will always be on the same connection as the user. – Michael Jun 15 '18 at 14:23
  • Depends entirely who the user is. An employee using a company-issued device (OK), someone using their own device (potential risk) or Joe Public (big risk) – Michael Dodd Jun 15 '18 at 20:31

0 Answers