Android Question I want to connect via php hosting in a secure way

[AlfaizDev]

This method is to connect to a local server

I want to connect via php hosting in a secure way


Is this method safe?

I am currently using this method

 

[aeric]

This method is to connect to a local server

No it is not. You can use this in hosting (VPS).

 

[AlfaizDev]

Yes, but it is expensive
I want a way to dart on shared hosting
Is it possible an example in a very safe way

 

[aeric]

Yes, but it is expensive
I want a way to dart on shared hosting
Is it possible an example in a very safe way

Try to find a cheap VPS. There are some which cost as low as $3.95/month. I am using hostinger.

If you insist on shared hosting, which is a good start for beginner then try implement some security measures.
For example,

1. hash your password using salt
2. use prepared statement to prevent SQL injection
3. connect using API with key
4. catch your error so it won't show your query on page when error occur

and there are many ways to secure your web application in production.

In my opinion, the point of an example created/shared by someone is to help a newbie to understand the basic concept. If you request for a "very safe" example, I don't think it exists. When you have understand the concept, you need to improve your own project by adding more and more security bit by bit by doing your own research. Until you are confident or feel comfortable on the stability and security of your project, then only make it to production.

 

[AlfaizDev]

Is this method safe?

And what does this method look like
thanks for the information

 

[aeric]

And what does this method look like
thanks for the information

$user = "root";
$pw = "";

For local development, you can use root or simple credentials but when in production, you have to use different user name and a strong password for database login.

 

[AlfaizDev]

Thank you
But what I mean is
Is it safe to use this method?
As the contact information will definitely change
It will be more powerful than these in the example
And the server name will be on shared hosting

 

[aeric]

I am not sure how do you define or measure the level of safety. How sensitive or important the data you store?
I can assume my data is safe if no hacker is visiting my server even when I did not make it "safe".
If I make my application "more secure" by implementing a list of securities, what I actually did is just make a hacker more difficult or take longer time to hack my data.
It doesn't guarantee that my system is "unhackable".

PHP or B4X are just programming languages. We can't say which one is more superior to another.

First, you need to understand the problem. For example, SQL injection. How it happen and then how to prevent.

For your question, I don't have an exact answer.

If it is a small project, I think it is not worth to spend so much effort to make it super secure. Is your data really valuable to a hacker? Such as user bank account password or credit card information?

If you are just starting, don't concern so much about security. Make you small project work first.

 

[AlfaizDev]

Thank you very much for the information

 

[AlfaizDev]

As for the data, it is not so important
When viewed
But the fear of the hacker being able to delete or manipulate the data only

 

[aeric]

In most cases, if you are using shared hosting, the database (MySQL or MariaDB) server is located on the same machine as the web server (localhost). We do not need to worry about the connection between PHP and the database.

The real concern is how the client app connect to the server to retrieve data. You should setup your application or domain to use SSL or similar so the data transfer between the client and server is always encrypted.

 

[aeric]

You may have missed the example that I shared recently.

(PHP/MySQL/API) User Login App

Web API Updates: Latest B4XPages user login client apps (using B4J server): https://www.b4x.com/android/forum/threads/project-template-user-login-client-b4x.161914/ Older project: https://www.b4x.com/android/forum/threads/b4j-mysql-api-server-key-token-and-b4x-user-login-apps.126081/...

www.b4x.com

 

[AlfaizDev]

You may have missed the example that I shared recently.

(PHP/MySQL/API) User Login App

Web API Updates: Latest B4XPages user login client apps (using B4J server): https://www.b4x.com/android/forum/threads/project-template-user-login-client-b4x.161914/ Older project: https://www.b4x.com/android/forum/threads/b4j-mysql-api-server-key-token-and-b4x-user-login-apps.126081/...

www.b4x.com

Nice
Thank you
This seems easier
Do you think it fulfills the purpose?

https://www.b4x.com/android/forum/threads/register-user-example-using-okhttputils2.52293/

And the foal on the stretch

 

[aeric]

Nice
Thank you
This seems easier
Do you think it fulfills the purpose?

https://www.b4x.com/android/forum/threads/register-user-example-using-okhttputils2.52293/

And the foal on the stretch

Try and see how far it fits. ?

 

[hatzisn]

I don't know if php has web services but in .NET you just access the database locally in the server and the communications occur with web services.

 

[Unobtainius]

I was stuck on this back way back when and Aeric's sample helped me more than I can ever express.
I use it now as my preferred method of data access even though I have a full AWS web server and database.
My web code (initially PHP, but now ASPX) has SELECT, UPDATE, DELETE, INSERT, and run stored proc.
my url looks something like this
//https:/mysite.co.nz/dblayer?ACTION=SELECT&fields=field1, field2, field3& table=customers&where=field1 > 200&order=customer_name&deviceid=78623467523
for stored procedures
//https:/mysite.co.nz/dblayer?ACTION=EXEC_SP&sp_name=increase&deviceid=78623467523

sending even quite raw sql statements split up into separate web field query paramater thingies was me hoping this would negate sql injection
Also any passwords needing to be sent or received are always encrypted

It would also be possible to build the url query as a single encrypted item and split it up on the web server
so encrypt ?ACTION=SELECT&fields=field1, field2, field3& table=customers&where=field1 > 200&order=customer_name with B4X into a single variable
and so that as a single query parameter
//https:/mysite.co.nz/dblayer?dothis=B4XencryptedString&deviceid=78623467523
That would hopefully slow a hacker up for a while

The deviceid is one of a number of registered devices in one of my database tables
In my case I use this as preferred method simply because it means deny access to the database to all IP addresses other than my web server IP address
This at least gives me an approach for security that I can if needed explain to any concerned party

Mostly for me its a simple understandable approach and I'm a big fan of simple
Being APSX I could code a web service to handle my call, but for me I cant see the need, other to put it on my resume

I have a module with a bunch of the routines I need and use them all my projects now. Although not perfect, it works really well for me

public Sub InsertData(Jobname As String, fields As String, tablename As String, values As String, ProgressMsg As String)
    'wait For (IsOnline) complete (Sucess As Int)
    'If Sucess = 1 Then
    values = values.Replace(Chr(13), "")
    values = values.Replace(Chr(10), "\r\n")
    'Log($"?ACTION=INSERT&fields=${fields}&table=${tablename}&values=${values}&deviceid=${Main.company.DeviceId}"$)
    'Log($"INSERT INTO ${tablename} (${fields}) VALUES (${values})"$)
    ToastMessageShow(ProgressMsg, True)
    UpdateComplete = False
    Dim Job As HttpJob
    Job.Initialize(Jobname, Me)
    Job.Download2(Main.gblURL, Array As String("Action", "INSERT", "fields", fields, "table", tablename, "values", values,"deviceid",Main.company.DeviceId))
'    Else
'        ShowNoNetworkConnectionMessage(True)
'    End If
End Sub

 

[edgar_ortiz]

Try and see how far it fits. ?

Hi

does this work when a site is with "https"?
or do you have to do something extra?

 

[aeric]

Hi

does this work when a site is with "https"?
or do you have to do something extra?

You just need to edit the http to https
Example:

$server = "https://computerise.my/register-user-php/";