Good day
Coming from web design, where everything is on the server, I would appreciate it very much if someone could outline the basic concept of how to do it in app design. No code needed, just how it should basically work.
Here is what I have
SQL DB

table_database

database_Id: 1
database_name: test 1

database_Id: 2
database_name: test 2
----------------------------------
table_users

user_ID: 1
database_ID: 1 <- matching the user to table_database
user_name: JohnDoe
user_password_hashed: 8939xlsljsdf93

user_ID: 2
database_ID: 1 <- matching the user to table_database
user_name: JaneDoe
user_password_hashed: 99skdhask

user_ID: 3
database_ID: 2 <- matching the user to table_database
user_name: JohnSmith
user_password_hashed: 8sonjsadfi98
----------------------------------
table_content

content_ID: 1
database_ID: 1 <- matching the content to the table_database

content_ID: 2
database_ID: 2 <- matching the content to the table_database

content_ID: 3
database_ID: 1 <- matching the content to the table_database
----------------------------------
Now in a web solution, after the user enters his username and password, I hash the password, compare it to the value in the DB and, if OK, save the database_ID as session and simply show the user all entries from table_content with the corresponding database_ID.
Here come some simple/stupid questions.
I can get my JSON over https://, but still, what would make more sense security-wise?
Option A
1) the user enters username and password on phone app (he will have to do this every time -> not saving anything or autologin)
2) I hash the password and make my JSON request with username and hashed password
Option B
1) the user enters username and password on phone app (he will have to do this every time -> not saving anything or autologin)
2) Make my JSON request with username and password and hash it on the server
Am I right that Option A is the correct way?
----------------------------------
The question is now: how do I get the table_content entries corresponding to the database_ID, security-wise?
Well, the JSON is available on the web, so I need to make sure that a phone app user can only get the table_content entries corresponding to his database_ID in table_users.
Kind of hard to explain but pretty simple - just what's the concept for getting this done.
The app is a spin-off from a site that can be accessed through the browser.
Markus
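
The session-based flow the post describes for the website, carried over to a JSON API as an added example (not part of the original post): the server verifies the password, issues a random token, and takes database_ID from its own session store, never from anything the app sends. The salt column, the PBKDF2 parameters, the function names and the sample passwords are assumptions made for the example.

```python
import hashlib, hmac, secrets, sqlite3

db = sqlite3.connect(":memory:")
db.executescript("""
CREATE TABLE table_users(user_ID INTEGER PRIMARY KEY, database_ID INT,
    user_name TEXT UNIQUE, salt BLOB, user_password_hashed BLOB);
CREATE TABLE table_content(content_ID INTEGER PRIMARY KEY, database_ID INT);
""")

def hash_password(password, salt):
    # Salted, deliberately slow hash computed on the server (assumed parameters).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def add_user(name, password, database_id):
    salt = secrets.token_bytes(16)  # per-user random salt
    db.execute("INSERT INTO table_users(database_ID, user_name, salt,"
               " user_password_hashed) VALUES (?, ?, ?, ?)",
               (database_id, name, salt, hash_password(password, salt)))

# Constructed sample data following the layout in the post.
add_user("JohnDoe", "pw-john", 1)
add_user("JohnSmith", "pw-smith", 2)
db.executemany("INSERT INTO table_content VALUES (?, ?)",
               [(1, 1), (2, 2), (3, 1)])

SESSIONS = {}  # token -> database_ID, kept only on the server

def login(user_name, password):
    """Handler for the login request; returns a token or None."""
    row = db.execute("SELECT database_ID, salt, user_password_hashed"
                     " FROM table_users WHERE user_name = ?",
                     (user_name,)).fetchone()
    # Constant-time comparison of the recomputed hash with the stored one.
    if row is None or not hmac.compare_digest(
            hash_password(password, row[1]), row[2]):
        return None
    token = secrets.token_urlsafe(32)  # unguessable session token
    SESSIONS[token] = row[0]
    return token

def get_content(token):
    """Handler for the content request; the app sends only the token."""
    database_id = SESSIONS.get(token)
    if database_id is None:
        raise PermissionError("not logged in")
    # The filter value comes from the session, not from the request.
    rows = db.execute("SELECT content_ID FROM table_content"
                      " WHERE database_ID = ? ORDER BY content_ID",
                      (database_id,))
    return [r[0] for r in rows]
```

In a deployed API both handlers would sit behind HTTPS and the session store would expire tokens; the dictionary here stands in for that store.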