Database which doesn't need a Private Key to Push Data - node.js

I have a project I am working on which will be open source. The project records data from all over. People can look at the instructions on a website, build the prototype, and the prototype will contribute its data to a giant database.
data.sparkfun.com/ is perfect for this, except for a major problem. In order to push data, you need to put the Private Key in the code (docs). This will also allow anybody with the code (which will be everybody looking at my project because it is open source) to edit, modify, and delete data from the database because they have the Private Key.
Is there any alternative to data.sparkfun for free so that I can achieve this? I am using NodeJS as the main language for my project.
EDIT: I also do not have a server to host my own database on. I also would need a hosting service (which is why data.sparkfun is so close to what I need).

I think something like this project http://docs.dat-data.com/ could work. It is built with Node. Its not necessarily perfect because its a bit more oriented towards files than a database, but you may be able to adapt it to your application. It uses cryptography and versioning for security.

I found something called Firebase which is hosted by Google. It has a full suite of databases, filesystems, and a way to identify users. You need an API Key for posting and retrieving data, but it is not meant to be private. It also allows you to set rules to disallow editing and deleting data, unless you own the database.
It supports iOS apps, Android Apps, and Web Apps (easy to integrate with NodeJS). The free version has some limitations, but enough for most hobbyists.

Related

Do I need any iCloud settings before using Ensembles for CoreData & iCloud syncing?

I'm developing an app which uses CoreData and is already released. I'm trying to add syncing feature using iCloud and Ensembles 1.x. I added codes which are told in the readme, but syncing doesn't happen. The debug log says it can't leech to ensemble.
I enabled iCloud for the project, but only for Key-value storage which is used for another purpose. Do I need to enable other services such as iCloud Documents or CloudKit?
Also, I have this line like sample codes do, and wondering ubiquityContainerIdentifier shouldn't be nil. But I have no idea what I should pass. Could you please give me any advices?
cloudFileSystem = CDEICloudFileSystem(ubiquityContainerIdentifier: nil)
Thank you in advance.
You do need to have iCloud Documents enabled.
See the Simple Sync example app to see the things you have to setup.
I think passing nil should work. That will choose the default iCloud container for you (e.g. iCloud.com.mycompany.myapp). If you need a different container, just set that up in your capabilities for the target, and use that.
Note also there is a free book at http://leanpub.com/ensembles

Convert Objective C project to Xamarin

We have an app written in Objective C. It uses CoreData, RestKit, about 10 viewcontrollers.
We would like to migrate it to Xamarin (so we can target Android and Windows).
I was hoping there was a way to bind the current code to a Xamarin solution and kind of rewrite features step by step within Xamarin (eg: replacing a viewcontroller at a time, and at the end replacing RestKit+CoreData, by SQLite + ServiceStack).
I am aware of the binding to Objective C option that they provide, however, it doesn't look to be the appropriate fit for this (way too complex, probably easier to rewrite the app from scratch).
Is there a way to migrate our current project to Xamarin so we can convert? or do we start from scratch?
Thanks.
Options:
Migrate full project - no;
Automatically create binding for libraries, rewrite business-code, UI-code - yes;
Rewrite from scratch using .Net/Mono classes - yes.
If code size is relatively small, you should rewrite the whole app. Moreover, thus you could have a chance to separate business-logic from UI code and tools libraries (RestKit, CoreData). In perspective, that code will be more reliable and cross-platformish.
This tool can help. It does Obj-c to C# translation (some manual cleanup required):
Automagical
Quite probably, a re-write, from scratch. One thing to keep in mind, if your back-end is .net.. and you are using DTO's.. like with AutoMapper from Entity Framework objects.. you'll be able to re-use those DTO objects on your mobile side with Xamarin. If you are using OData, I'm not sure if this is still a problem, but Xamarin studio wasn't generating OData service clients. So you had to generate them in Visual Studio, then take the generated client code and throw them into your Mobile projects.
sqllite-net is awesome. I've never had any problems with it.
https://github.com/praeclarum/sqlite-net
I currently have a project, with DTO Objects from an Azure WCF service, that I push directly down into SQLLite objects on IOS and Android with Xamarin. I use RestSharp, rather than Service Stack. I should probably go learn the difference.
If you are looking to use SQLCipher from the Component store, to encrypt your sqllite db locally on your device (Good advice to do so), you should be aware that there is an issue in android.. going to 2.2 or 2.3 with SQLCipher. Works for ICS and above though, if I remember right.
Just be careful on your security implementation for allowing clients to connect. I want to say.. don't take too much advice.. and don't take too little either. : )

Security considerations when creating a mobile app using PhoneGap

I'm a beginner in creating mobile apps with phonegap. I have some doubts on security aspects, when creating a mobile app with phonegap.
I want to create an app that accesses a Web service, e.g. a REST service created using Jersey. Now, am I correct in thinking that a hacker can easily see the security keys/authentication mechanism used, to authenticate the client (on a mobile app) with the server (where REST API is to be used)?
In general, can a hacker easily access all data being sent by the mobile app (which was created using phonegap)?
Can a hacker disassemble a phonegap app to obtain original code? Wont he get the native code (e.g. Objective C in case of ios)? Or can he decompile even that into original phonegap code (ie html+js)? How do I prevent my code from being decompiled? Is this scenario the same as for most other languages i.e. hackers with powerful PCs can hack into just about any program/software? Is there some way to prevent this from happening?
Allright, first take a deep breath. You are probably not going to like some of my answers but you'll be living with the same issues that we all are.
The best thing to do in this case is to use something like the KeyChain plugin to retrieve your security keys from the native side.
You can take PhoneGap out of the question because it applies to any situation where you send unencrypted data between a client and server. Anyone can easily listen in using a number of tools including Wireshark or Ethereal. If you need to communicate with a sever it should be done on an encrypted, HTTPS or SSL, connection.
First I think you are under the mistaken impression that PhoneGap compiles your HTML/JS code into Obj-C. It does not. If the user uncompresses your app they will be able to read your HTML/JS. Also, they'll be able to decompile your Obj-C code as well. This does not take a powerful PC or even an experienced hacker. Pretty much anyone can do it.
My advice to you is not to worry about it. Put your time into creating a truly great app. The people who will pay for it will pay for it. The folks who decompile it would never buy the app no matter what. The more time you take trying to combat the hackers takes away from the time you could use to make your app greater. Also, most anti-hacking measures just make life harder for your actual users so in fact they are counter productive.
TLDR -
Consider that you are coding a website and all code ( html and js ) will be visible to user with
Crtl+Shift+i as in browsers
Some points for ensuring maximum security
If your using backend then recheck everything coming from the app
All attacks possible on websites (XSS, redicting to malacious webistes , cloning webistes, etc are possible )
All the data sent to the app will finally be available in some js variables / resource files , Since all variables are accessible by hacker so is all the data sent to app EVEN IF YOU ARE USING THE MOST SECURE DATA TRANSMISSION MECHANISMS
As Simon correctly said in his ans , phonegap or cordova does not convert html / js to native code . Html / Js is available as-it-is
Cordova also explicitly mentions this in their official statement
Do not assume that your source code is secure
Since a Cordova application is built from HTML and JavaScript assets that get packaged in a native container, you should not consider your code to be secure. It is possible to reverse engineer a Cordova application.
5.Mainly all the techniques which are used by websites to prevent their code from being cloned / easily understood are applicable even here (Mainly it includes converting js code into hard to read format - obfuscating code)
6.Comparing native apps with cordova/phonegap apps native apps , I would say that cordova are easier for hacker only because of lack of awareness between cordova developers who do not take enough measures to secure it and lack of readily available(one click ) mechanisms to directly obfuscate the code vs in android proguard
Sample Cordova App Hacking (NOTE:Phonegap also works in similar way)
I'll show an example to show how easy is it for hacker to hack a cordova app(where developer has taken no efforts in obfuscating the code )
basically we start with unzipping the apk files (apks can be unzipped like zip files )
The contents inside will be similar to this
The source code for cordova apps is present in /assets/www/ folder
As you can see all the contents including any databases that you have packed with the app are visible(see last 2 rows have a db file )
Along with it any other resources are also directly visible (text files/js / html/ audio / video / etc)
All the views / controllers are visible and editable too
Further exploring the contents we find a PaymentController.js file
Opening it we can directly see the js code and other comments
here we note that after user performs payment if it is successful then successCallback is called else cancelCallback is called.
Hacker can simply replace the two functions so that when payment is not successful successCallback is called .
In absence of other checks the hacker has successfully bypassed payment.

Need to Sync iPhone App between iPhone/iPad/iPod Touch etc. How? Cloud? Zsync? Dropbox?

I have received requests for my iPhone app, to be able to sync it between a person's iPhone and iPad, or between two iPhones in the same family, etc. I have been searching online now for some time, and this still is not clear to me. I am a pretty new developer, and I know enough to have gotten an app released, but I am not a professional programmer.
I know that DropBox and SugarSync use "the cloud", but I have not used them as yet and I am not sure how I would implement them for my Core Data database. I also watched a video for Marcus Zarra's ZSync, which looks awesome, but I do not have a desktop application yet, and I'm not sure that that is the solution for me.
I downloaded the DropBox api and sample app and am starting to play with it, but I don't want to waste too much time if I am heading down a rabbit trail. I would love if the iOS offered some sort of a sync option but I looked and I'm pretty sure it doesn't.
This seems like pretty complicated stuff. I would love if someone could point me in the right direction. Maybe even a tutorial if there is one. Just to keep Core Data database synced between multiple (maybe even more than 2) iDevices. Any help would be greatly appreciated.
It seems that, as expected, there is no readily available sync option without writing your own algorithm. Even then, it seems to be hit and miss at best as you add users and devices.
I have decided that for me, for now, the best option is DropBox, and using a simple file backup/restore. When you download the DropBox SDK, there is an iPhone App example in there that well demonstrates how to incorporate it into your app.
The issue I am now having has to do with Core Data. Once I overwrite my SQLite file, I am having a difficult time refreshing my data. It works fine if I close and restart the app, but I don't want to have the user do that.
I have tried many solutions from this site, and none of them have worked completely for me yet. I understand that I have to delete and recreate the persistent store, and that I have to delete and recreate my objects, and that I might have to delete and recreate my view controllers in my tab bar. And possibly also my MOC and MOM.
I understand the part about deleting and recreating the persistent store. I can delete my objects, but I am not sure how to re-create them. I think my issue is that I have a tab bar controller and my top level views do not get dealloc-ed. I have found snippets of code here and there but have not been able to piece them together for a solution yet and all I have is one giant mess of commented out code.
Just an update, and an answer to the syncing issue: iCloud seems like it will actually app syncing. I haven't tried it yet, but am planning to implement it. However, since users will only have limited free iCloud storage, and many won't want to pay, I am also implementing Dropbox for Backup/Restore (only). Hope this helps!

SharePoint - Posting and Retrieving files Automatically via VBScript

I'm going to need to push and pull files from a SharePoint site that is not hosted by my company (it is external). I'm only going to get a few days (if that) to get this working so I don't have much time to experiment.
To add to my requirements/headaches, I'm going to have to implement this with VBScript. .Net would be preferred for me but for reasons beyond my control I have to use VBScript. I don't have direct access to my VBScript web server, so I won't be able to implement this in .NET and use that object from VBScript.
I'm looking for anything that would help me accomplish this goal quickly and effectively. I found this post and am wondering if the PUT/GET method used here would work for me?
http://weblogs.asp.net/bsimser/archive/2004/06/06/149673.aspx (I got this link from: Sharepoint API - How to Upload files to Sharepoint Doc Library from ASP.NET Web Application)
To top all of this off, I've never done any programming or administration of a SharePoint site. My knowledge of SharePoint is that of a user. I'm aware that there is an API from the few Google searches I did. However, my readings make me believe that my code would need to run on or in proximity to the SharePoint server. I don't believe I have the proximity I need to use the API.
Sincere thank yous!
Regards,
Frank
Progress Update: I'm still researching this. Tom pointed out that the example I had posted is probably from an old SharePoint version. His recommendation to use .Net to develop a prototype on Web Services is good but I'm hoping for more detailed answers.
I'm now wondering if I can accomplish what I need to accomplish using HTTP PUT and GETs. At my company, for a specific project we do use HTTP PUT and GETs to do something like this. We have files that are stored on an HTTP server and this is how we post and retrieve them.
Would this work over SharePoint or would SharePoint require special handling? Basically, do I have to use Web Services?
Progress Update 2: This link is helpful... Upload a file to SharePoint through the built-in web services
But I am still looking for more information on this topic... Thanks all...
You'll need to use the sharepoint lists web service for metadata and get/put for uploads. That link looks to be for SharePoint 2001, so hopefully you can use the newer/simpler version.
I recommend building something in .net first to get the web service calls worked out - some of the parameters can be quite tricky to debug, and I wouldn't want to be doing that on a remote vbscript page.
Assuming there is no metadata required and the SharePoint library is being used like a file server you can do most of what you want with PUT/GET, but you will probably need a call to GetListItems to find the urls to download.
There's an example on my blog of a lower level call to that web service - it's javascript, but probably close enough.
http://tqcblog.com/2007/09/24/sharepoint-blog-content-rating-with-javascript-and-web-services
What setting up the .net version gets you is very quick set up of a connection to the server (just add a web service reference in visual studio) so you can get the query and queryoptions strings working to retrieve the items you want. Once that works you just have to put it all together as a string including the soap stuff for use without all the nice tools.
I'm a little unclear on the context of the implementation and the prerequisite of having to use VBScript. Are the files being moved from one server to another server or from a user's desktop to this SP server? or are they being accessed via software like Excel?
The first thing that sprang to my mind (this may sound crazy) was using the Office application to make the connection. Your script would call up Excel (just as an example) and pass it the vba needed to initiate the Open File, and then provide the full path to the file that needs to be retrieved. Then have it do a Save As to the location that needs the file. Do the same thing but in reverse for putting files on the SharePoint server.
The tricky part, obviously, is getting the script to interface with the Office app. I know this can be done with the Windows version of PHP, but I don't want to get into anything specific without knowing your situation.
I seriously wonder if you are going to be able to use VBScript to call the SharePoint web services. I haven't looked at the SharePoint web services for a while so I don't remember exactly how they are defined. I thought the web services were SOAP calls though which makes it trickier than
I'm not sure I tried to use Excel to call some web services with the MSSOAP.SoapClient and it seemed this component was unable to handle any WSDL types beyond the very simple strings. Anything with nested data would not work. Instead, you would need to create a COM object to process the conversion which is a major hassle. If you are able to use XMLHTTP component then it might be possible with VBScript, but I'm not sure if it will work with SharePoint web services.
I'm not sure what you mean, "I don't have direct access to my VBScript web server." Is your web server in VBScript (ASP)? Or did you mean SharePoint server?
You might consider C# Script (cs-script) as a scripted solution that uses .NET. I have had good success with it, although it does need to be installed on the computer that runs the script.
I'm integrating between two companies. According to this book, we should use AD FS to accomplish what I'm looking for.
I still don't actually have this working though so if someone has more information I will change the answer to this question.
http://books.google.com/books?id=-6Dw74If4N0C&pg=PA27&lpg=PA27&dq=sharing+sharepoint+sites+external+adfs&source=bl&ots=ojOlMP13tE&sig=FjsMmOHymCOMGo7il7vjWF_lagQ&hl=en&ei=ytqfStClO5mMtgejsfH0Dw&sa=X&oi=book_result&ct=result&resnum=5#v=onepage&q=&f=false
I never really received a answer to this that worked out but this is no longer an issue for me.
What we ended up doing is scraping the html. In effect, we put together our own ad-hoc web service processor where instead of SOAP, html is used to communicate. Then we execute GETs, POSTs, and etc to work with the web service.
We had done something similar in VBScript in for WebDAV -- we had a class and created a new one to work with SharePoint.

Resources