Android App to get and post data from SQL Server (security concern)

Question

I am a newbie and I've read many topics related to my question, but I still have a few questions in mind for which I need your assistance. Any kind of information would be helpful.

My application: I have a web site to sell tickets and an app to sell the tickets both should access the same database (centralized Windows server).

I read many topics related to my question and understood, using jTDS would be the best idea for my requirements. But after reading the following topics, I am little bit confused whether I am moving in the right direction or not. So please help to find the right direction.

using an Android app to post entries to SQL Server

How can I use external JARs in an Android project?

My questions are:

Which is the best way to access SQL server from both my app and website?
What kind of security issues do I have to consider? As my app will be used worldwide, do I have to take a special care for security?

Any tutorial or advice will be appreciated.

score 3 · Answer 1 · answered Jul 28 '11 at 14:02

3

You must run a webservice based on the REST or SOA to do that. REST is lightweight. I don't recommend using a JDBC connection. I am not sure jTDS would work on Android. If you are about to deploy a webservice you have to look after authentication and SQL injection.

answered Jul 28 '11 at 14:02

Ragunath Jawahar

19,513
22
110
155

You can accept this answer (By clicking the tick mark) if you think your question has been answered. – Ragunath Jawahar Jul 29 '11 at 22:21

score 0 · Answer 2 · answered Jul 28 '11 at 14:53

0

Use a WebService to talk to the database, and the Android app will talk to the WebService. You don't want the clients to talk directly to the database. In the WebService you can do any authentication/security checks that you want. If you use stored procedures in your WebService, you don't have to worry about SQL Injection.

answered Jul 28 '11 at 14:53

Marcus

5,407
3
31
54

Thank You for the reply , i followed this video (http://www.vimeo.com/9633556) and did the same. I am just getting String "error" as my result. can u pls tell me where i am going wrong. They suggest to change some proxy setting in my eclipse and AVD. I really don't have any idea about that. can u give some suggestion to fix it. – Manoj Jul 29 '11 at 10:54
I don't think I'd be able to help as I've never actually gone through that specific process. I'd create a new question on SO and show some code to help explain the error. – Marcus Jul 29 '11 at 15:17

Android App to get and post data from SQL Server (security concern)

2 Answers2