Following my question regarding connecting to a MySQL database in Java, I am looking to create a web service in PHP. My Java program needs to ask the web service to gather some data from MySQL database and send the result back. However, I have a few dilema's:
Firstly, my web hosts do not support Java, and therefore the server side needs to be written in PHP but the client needs to be written in Java.
Secondly, all the tutorials I have found seem to involve creating a whole web service project in order for my Java program to communicate with the web service, where as realistically only a couple of classes need to contact the PHP web service.
And, you may have already guessed but I don't know anything about web service's. It was just suggested that I used one in order to get around the GPL licence of the JDBC driver...
I realise that similar questions may have been asked here before but as I am a complete novice, the posts that are saw here did not contain enough information for me and I require as much help as I can get - almost a step by step guide!
Alternatively, I did think about just using standard PHP Sockets, as I am pretty sure I know how to use them. However, I don't know how secure they are and I didn't want to take any risks because I will be needing to retrieve information such as licence keys!
Thanks in Advance
You don't need to use PHP Sockets, all you need is a simple PHP script on your web host that fetches the data you need from the MySQL DB and outputs the data to be read by your Java client.
Your PHP script will need:
To retrieve any query parameters from the Java client (probably
via $_POST or $_GET).
Information to connect to MySQL (hostname/ip address, db name,
username, password).
To run SQL query/queries to grab the data from the database.
To output the data for the java client to read, in some mutually-acceptable format, such as XML, JSON, HTML, etc.
You would structure the script something like this:
<?php
// 1. Read and validate input parameters
$myquery_val = $_POST['queryval'];
// 2. Connect to MySQL
// 3. Fetch MySQL data
// 4. Output data
?>
To learn how to connect to MySQL and retrieve data, read up on MySQL PDO: http://php.net/manual/en/ref.pdo-mysql.php
What I would do is use an agnostic form of communication between your PHP service and the Java client. My weapon of choice is XML.
The steps would be:
Create the PHP classes which will interact with your database and get the data you want to work with. GitHub has plenty of examples and source code. Sample PHP-MySQL Database Abstraction Layer
Create a RESTful php service which takes the data from step 1 and makes it into an XML REST service. Checkout the Recess Framework, an easy to use REST framework
Create your JAVA client, it should just need to be able to work with HTTP, and consume XML. No need for a huge soap or other framework.
Related
So I want to know the basic idea of how a app can get its data from your own server. We use APIs to get data from other data sources like OpenWeather . But now if we want to create our own source how would you do that? I just want to know the basic idea not the code.
Thanks
Basic idea would be:
get a free hosting somewhere (there's a lot of PHP hosting websites with MySQL)
create a simple REST API
get some data into your database (create a simple CMS to add data to the DB)
make your Android app call your website just like you did with the weather API
TL;DR: create your own API
I want to create a webpage where a user sets up a profile via a form; form data is sent to my server and creates requisite nodes in neo4j. I want to do this in a way that does as much as possible to prevent people arbitrarily sending commands to my server outside of the form, such as via chrome or any other injection method.
I expect that I will need to utilize the REST API to connect with neo4j via java. It also seems like I will need to use Jersey to allow the site to communicate with the neo4j REST API. I am new to securing data being transferred from the client to server and to validating data received by the server to ensure I am not sending commands to neo4j that shouldn't have been sent, and which could cause all sorts of damage to my members. I am also new to utilizing graph databases and neo4j in general.
Can someone give me a step by step example of how to basically accomplish this task? I am looking to find out what tools I need to install, and what types of commands I should include both on the client and on the server side to ensure that I am only passing correct data to neo4j when creating/deleting/modifying nodes and relationships.
Thanks for any help that anyone is willing to provide - getting past this hump will allow me to move so much more quickly with the rest of my development.
I guess the most easy way to prevent others from accessing your neo4j instance is using Neo4j authentication example. Just follow the docs on the start page. Additionally you might set up some IP address filtering using e.g. iptables on linux to restrict network access to your Java client machine.
With authentication extensions installed, you need to supply username/password with each request. The most easy way to communicate with Neo4j from a Java client these days is using the Neo4j JDBC driver.
I'm developing an app for Android which needs data of my server. My doubt is:
Is it safe to make a query from android to mysql?
Because... I was thinking to obtain a JSON with a PHP file, but I believe this is slower method. So, now i'm trying to make a query to mysql server without any PHP file, putting the password and the user of data base in the android project.
I need to know if someone could decompile my app and see my credentials in java files.
Are there other methods?
More than "safe", there's not a native way to send data from Android to a MySQL server. The correct way is implementing a web-service that receives the query (for instance, via HTTP POST), then handles it, connects to the local (or remote) database and executes the requested query (and possibly returns the result if needed).
As far as security goes, this seems to be a totally different question, but in this kind of architecture it seems that a Asymmetric encryption algorithm is what best fits this kind of transactions, as you can hardcode/download each time you need the public key for encrypting messages and they'll be only decrypted by the server side using the private key.
Hardcoding credentials into your app is pretty much a bad idea, because if someone who has some knowledge about this subject, will try crack you app, and if your app manages some financial sensitive data, they actually will try triplify efforts.
How to securely share key between two remote devices?
How dangerous might be publishing a public key?
You should be aware that people can always get the db user and password from the application. This allows them to login and drop your tables in the database.
Therefore creating a small web service that will do it for you gives you more security, since you can decide what operations is allowed to perform to the database.
Using a RESTful (in your case)PHP framework is the way to go. You can then use data from JSON or XML in your application. This way is definitely not slower. You can use this framework:
http://www.slimframework.com/
Or whatever your are using right now.
I am looking for some guideance in terms of what database to use server(using servlets) side of my android application.
Further down the line i will setup a website that will need to access the information from with the database.
At the moment from what i know i can use hibernate for object mapping to RDBMS or i can use JDBC for interaction with a MySql Database.
Do you guys have any best practices for using either the above or a different system for interaction between servlet and database?
If you are looking to get started quickly, you could use AppInventor, but if you want to build a backend yourself I suggest Ruby on Rails(get ubuntu if you don't have it!). Its easy to learn, easy to install, and very user-friendly.
The server and database will be handled by the Ruby on Rails framework.
Android application just acts as a client that makes request and accepts response from a Server. Server could be written using Servelets / JSP, ASP or PHP. As far as I know it doesn't matter to android client which database server is used at the server side as far as client is getting the response from the server.
I am designing an enterprise security server for our company - we own many different applications, most written in java and a few written in PHP. I could provide a remote API that would give each application access to the server. I could also create 'agents' that each application could include that would do all the work for them, but allow my server control over their sessions and thus their authentications/authorizations. Issue is I would probably be better to write the agent in java because 80% or more of our apps are in java.
If I wrote the agent in java does anyone know if there was a way this program could access the php session? If not does anyone have a suggestion regarding a better way to go about doing this?
The session data is stored as a (php) serialized array in a temporary folder. The locations for these are set in the php.ini file.
But you can change both the format of the data and the place it is stored (e.g. to a database or shared memory or somewhere else) by writing your own handler.
A quick google suggests that several people have written [de]serializers in Java for PHP data. e.g. http://hurring.com/scott/code/java/serialize/
If you have problems with the built-in PHP serialize function - have a google for WDDX (which IIRC comes as standard) and serializes data into XML.
You might want to think about how you keep the session data appearing to be active to PHP if you want the agent to continue independently of the web session.
C.
You can hook into PHP's session handling using session_set_save_handler() (an example for a simple but complete custom handler is included in the manual). You should be able to synchronize PHP's session management with a central Java server that way.
Your PHP application would receive a session ID through a cookie ($_COOKIE["SESSION_ID"] or whatever).
Your custom session_save_handler would, instead of maintaining a session store of its own, pass that session ID to your central Java-based security server, and get all the session data in return. Writing into a session from PHP would be routed the same way.
You could of course also go the other way, and poll PHP's internal session data from the outside, but wouldn't quite understand what exactly for. If that is the case, can you go into more detail there?