Android Question Advice needed - securely transfer file to server

Arf

Hi,

I don't know much about remote servers and web security, so I am hoping someone might be able to point me in the right direction so I can begin studying up. I'm hoping there's a B4A tutorial that would be a good starting point for me.

I need to add into my app the ability to transfer a chunk of data (typically around 20kB) to a remote server where it will sit until it is collected by the same user, using a .NET (or maybe B4J) app on a PC. The potential number of users will be between 1 and 5K, and they would intermittently upload 5 to 10 such chunks of data per week, tops. So pretty low bandwidth I'd say.

The data has to be secure, so my plan was to encrypt it with a randomly generated key which the operator can simply read off his app screen and type into the PC app to allow decryption on the receiving end.

I saw a tutorial on JDBC and MySQL. I thought that might be a good starting point, as my webhost already included a MySQL database option, and committing the data and retrieving it using SQL statements seemed like it might be straightforward, but then I noticed the tutorial was for accessing JDBC databases on a local PC.

Any advice on what I should be looking at would be gratefully received.
 

OliverA

I saw a tutorial on JDBC and MySQL. I thought that might be a good starting point, as my webhost already included a MySQL database option, and committing the data and retrieving it using SQL statements seemed like it might be straightforward, but then I noticed the tutorial was for accessing JDBC databases on a local PC.
Use the jdbcSQL library on Android. Then you can use the same syntax as a desktop application.

I guess what I am most seeking is advice as to whether a file server strategy like this:
https://www.b4x.com/android/forum/t...r-b4j-server-over-the-internet.37201/#content
with the database handled by the B4J server would be a superior solution to a JDBC/MySQL type solution.

With either type of communication, I would make sure that I have SSL properly set up and have your application only accept "trusted" certificates.

If you directly access MySQL from your client application, then you are allowing outside access to MySQL. Even with SSL enabled, that gives an attack surface. Also, if you are not careful on the type of SQL statements executed from the client, bad things may happen (something like https://xkcd.com/327/).

If you are using some middleware (JRDC2, PHP, B4J Server) between the client and your SQL database, you may still want some extra access controls.
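An added example, not code from the thread or from B4X: a sketch of the middleware approach described in the reply above, where the client never touches the database, every statement is parameterized, and each upload gets its own collection token as an extra access control. Python's `sqlite3` stands in for the server's MySQL database, and the table layout, function names and delete-after-collection behaviour are assumptions made for illustration.

```python
import hashlib, hmac, secrets, sqlite3

def open_store():
    db = sqlite3.connect(":memory:")  # assumption: stand-in for the server's MySQL
    db.execute("CREATE TABLE blobs (id INTEGER PRIMARY KEY, owner TEXT NOT NULL,"
               " token_hash BLOB NOT NULL, data BLOB NOT NULL)")
    return db

def _hash(token):
    # Only a hash of the token is stored, so a database leak does not expose it.
    return hashlib.sha256(token.encode()).digest()

def upload(db, owner, ciphertext):
    """Store an already-encrypted chunk; return (blob id, collection token)."""
    token = secrets.token_urlsafe(32)
    # Placeholders keep client-supplied values out of the SQL text.
    cur = db.execute("INSERT INTO blobs (owner, token_hash, data) VALUES (?, ?, ?)",
                     (owner, _hash(token), ciphertext))
    db.commit()
    return cur.lastrowid, token

def collect(db, owner, blob_id, token):
    """Return the chunk only for the matching owner and token, then delete it."""
    row = db.execute("SELECT token_hash, data FROM blobs WHERE id = ? AND owner = ?",
                     (blob_id, owner)).fetchone()
    # Constant-time comparison of the stored and presented token hashes.
    if row is None or not hmac.compare_digest(row[0], _hash(token)):
        return None
    db.execute("DELETE FROM blobs WHERE id = ?", (blob_id,))
    db.commit()
    return row[1]

def demo():
    db = open_store()
    hostile = "Robert'); DROP TABLE blobs;--"  # constructed input, after xkcd 327
    blob_id, token = upload(db, hostile, b"\x01\x02 constructed ciphertext")
    return {
        "table_survives": db.execute("SELECT COUNT(*) FROM blobs").fetchone()[0] == 1,
        "wrong_owner": collect(db, "someone-else", blob_id, token),
        "wrong_token": collect(db, hostile, blob_id, "guess"),
        "right": collect(db, hostile, blob_id, token),
        "second_try": collect(db, hostile, blob_id, token),
    }

if __name__ == "__main__":
    print(demo())
```

The hostile owner string is stored as plain data and the table survives; only the matching owner and token retrieve the chunk, and a second attempt returns nothing.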