Well, probably this is a stupid question, but after to surfing the web the last week...this is my last shot.
Questions:
It is possible to create an API to call a SQL database to retrieve records?..In a secure way..?
What apps/tools/methods can I use? hopefully...VS, Python, PowerShell...etc
Can I encrypt that call?and create a method to decipher the data?
I'm not the app owner, what questions should I make to the app developer?
FYI Currently I cannot use cloud vendors or third party tools to do the transformation :(. But if there is a strong tool/vendor maybe I can negotiate it.
I have consulted:
API to database: API to Database?
How to quickly create a simple REST API for SQL Server database - https://medium.com/voobans-tech-stories/how-to-quickly-create-a-simple-rest-api-for-sql-server-database-7ddb595f751a
Any ideas?
Try rolling out redash with the bitnami stack. It's free, as in speech.
Bitnami will take care of setting up https etc if you do it on AWS. You need a t2-small I think. There's how-tos for let's encrypt etc also.
You can dish out links to "widgets" with an embedded API key. The widgets can be json or csv. They will only provide access to predefined data queries, but you can get that data from anywhere, not just your SQL server.
Related
We are a SaaS product and we would like to be able have per-user data exports that will be used with various analytical (BI) tools like Tableau or PowerBI. Instead of just managing all those exports manually, we thought of using some cloud database such as AWS Redshift (which will be part of our service). But then, it is not clear how is user will access those databases naturally, unless we do some kind of SSO integration with AWS.
So - what is the best practice for exporting data for analytics use in SaaS products?
In this case you can build your security in to your backend API layer.
First you can set up processes to load your data to Redshift, then make sure that only your backend API server/cluster has access to redshift (e.g. through a vpc with no external ip access to redshift)
Now you have your data, you can validate your user as usual through your backend service, then when a user requests a download through the backend API, the backend can create a query to extract from redshift only the correct data based upon the users security role. In order to make this possible you may need to build some kind of security column into your redshift data model.
I am assuming getting data to redshift is not a problem.
What you are looking for, if I understand correctly is a OEM solutions.
The problem is how does one mimic the security model you have in place for your SaaS offering.
That depends on how complex is your security model.
If it is as simple as just authenticate the user and he has access to all tenant data or the data can be easily filtered for user. Things are simple for you. Trusted authentication will allow you to authenticate that user and user filtering will allow you to show him all that he has access to.
But here is the kicker, if your security is really complex , then it can become really difficult to mimic it within these products.
Here for integrating tableau this link will help:-
https://tableau.github.io/embedding-playbook/#
Power BI, this product am not a fan off. I tried to embed a view in one my applications and data refresh was a big issue.
Its almost like they want you to be a azure shop for real time reporting.( I like GCP more )
If you create the api's and populate datasets then they have crazy restrictions like 1MB/sec etc.
On the other instances datasets can be refreshed only 8 times.
I gave up on them.
Very recently I got a call from Sisense and they seemed promising as well from a OEM perspective. You might was to try them.
I have already
1. Searched on google
2. Here on stackoverflow
3. Some recommendations for me on my posts, that not to use direct connections free text statements from App to SQL Server, rather than to use mostly recommended REST API services.
Overview
I find SQL Server connection very smooth in Xamarin Forms development. My major projects are web based asp.net c# and desktop based vb.net which use same Hosted MS SQL Server 2012 Express (Virtual Private Server and not shared server) Database.
In Desktop we have option such encrypting the app.Config file where we can store the database connection secure credentials.
In Web-based we have web.config file where we say its secured way to put credentials there.
(If wrong please correct me)
Frankly I tried at initial stage REST API Services including Microsoft Azure but it looks very complex or some or other limitations for me in approach or pay strucure. (Or say may be I totally am now flexible in c# regular statements).
As I am having own Hosting Server I don't want to choose again any other.
Finally to my query
Now I store in Xamarin Forms Class folder in .cs all secure credentials.
/------------------------------------------
//Connection String
//------------------------------------------
public static string appNutri_connection_string = #"data source=<IP ADDRESS>;initial catalog=<Database_Name>;user id=<user_name>;password=<pass_word>;Connect Timeout=600"
And I use this appNutri_connection_string throughout project for connections.
Also when we compile the Package we are opted first to enter password before distribution.
Not only that before we upload it on Google Play, it rechecks Hash Key credentials respective package name, then only it publish the apk.
So please let me know how is not safe for APK to store credentials in .cs file. Secondly , most important is there any other solution to encrypt the credentials file? So that I do not need to break my so smooth trend going on all platforms.
This is a very crucial stage for me to go further as still I am in very initial stage of product live implementation. So do not want to go further with any loop holes or wrong perception. Data (Client's especially) Security and Privacy is my major Task. Cannot compromise on that anytime. So please suggest me best way to achieve this task.
(Once again may be a possible duplicate question but frankly I did not found a detailed explanation or information nor here nor on any google search)
As you are in very initial stage of your product lifetime, PLEASE CHANGE YOUR ARCHITECTURE!
Never, nerver connect directly to a sensitive database from outside - put at least a front-end layer (eg. API) between public clients and your database.
Im building a simple angular application and there is a small administrator panel for updating the content (a .json document). I'm looking for a way to edit the json document from the administrator panel.
I can manipulate the memory-loaded json but I can't save it. Is there a way to put the json file in some kind of cloud database and connect to it without setting up a server or backend for my application?
I want my application to be easily deployable on any ftp so I can't setup a nodeserver or install something like couchdb.
Any ideas are appreciated.
You could use a provider like Parse. It's free (up to a limit of requests/month), has a nice JavaScript SDK that would get you up and running quickly. https://parse.com/
Also, check out this query builder to aid in retrieving your data from Parse. It's built as an Angular service for easy integration. https://github.com/dpollot/parse-query
EDIT
Parse also offers hosting, for free.
My question is how do i get information from a server to my iphone app. let's assume I have completed my current project I'm working on that only needs data to be uploaded to my application.
I understand there is a database or server I must create but how do I go about creating or modifying one for my needs.
I mainly want to store login information from one user and allow users to search for people who have entered login information (name) to add to a friends lists within the current app.
i think in your case you can use Django-tastypie for backend will be good choice.since using django you can develop it in quick time and the tastypie has api services which can used easily for retrieval and sending data
you can go through this
http://django-tastypie.readthedocs.org/en/latest/
Take a look at services like Stackmob or Parse. These types of service could make it really easy for you to get the server side part of your application up and running. These services would act as your database and also provide an easy api for you to access the server side pieces.
I have built an ERP for a small company using MS-Access (front end) and SQL Server 2008 R2 as database. Now one of their clients is implementing "SAP Business one" and I am asked to provide a web service for that SAP to enquire our database for stock availability.
I don't really know where to start. I have seen there are native web services in SQL Server, but MS seems to discontinue that.
From what I have googled, I understand that REST is not appropriate, because we want the service to be restricted to identified clients, so we would have to go for SOA and WCF ?
Is that correct or stupid ?
I am looking for links / books, or very simple code samples (if that exists).
I have already found Good starting point for learning to create ASP.NET SOAP web services and https://stackoverflow.com/q/296040/78522.
Any suggestion welcome, thanks.
Edit: just for the info: I have found these 2 links quite usefull, specially the 1st one, which is really "quick and practical", ideal for a total newbie in the field.
on w3schools.com
on siteduzero.com (in French)
Windows Communication Foundation
Windows Communication Foundation Walkthrough
https://stackoverflow.com/questions/386801/wcf-book-recommendations
I understand that REST is not appropriate, because we want the service to be restricted to identified clients.
This is not correct. REST services can have security, and most of them that I'm aware of do. The common ways to do this are:
Use HTTP authentication (basic or digest). Most languages will already have libraries to handle this for you.
Define some other way of logging in. Some REST services accept a username and password and return a cookie. Some use OAuth. Twitter is a good example of this.
Don't use login at all, just validate that the client has some sort of token or password (probably sent as a cookie).
Use any other form of security that works over HTTP.