Hi
I am thinking about writing my first mobile app in xojo that will also have a web and desktop version.
I was thinking about using a cloud based database to deal with all the syncing etc and was wandering which services people have used with Xojo to do this.
hmm,
2 possibilities,
direct,
myself testing a mysql/maria database server enviroment in a vps.
so the web app is together with the database.
for desktop app i used ssl connection to mysql.
to protect a vps you need expert knowledge. (for testing there exists free online services)
indirect, (circuity)
json, xml, object serialization between server & client.
making web apps (to use at phone) are a little bit tricky because network connection, sessions, app will restart, ssl certificate.
FULL STOP!
Never ever connect directly to any database via Web, Never ever leave your database with open ports to the internet (MariaDB, Postgres, MSSQL whatever).
This is not only bad habit this is completly unsecure. Your authentification and your data transfer is completly unencrpted so everybody in between can read everything in cleartext.
The usal way is to use a JSON Webservice with TLS encryption, Cert-Check, DH Key Exchange and full encryption of your transfered data.
[quote]Your authentification and your data transfer is completly unencrpted so everybody in between can read everything in cleartext.[/quote] i not agree if u use ssl.
why do you fear open ports, there is ssl and certificates? nobody will see login data or transfer data.
if web app + database is on the same server where is the problem.
if desktop app use ssl where is the problem.
i agree with that open ports can be misused and software behind can crash if it would let connect everything.
the biggest security risk is the installed open source software with this “endless” dependencies, especially at linux.
documentation.xojo.com/api/databases/mysqlcommunityserver.html#mysqlcommunityserver-sslenabled
First you mean TLS not SSL. Second this is not secure either. Every Proxy Server or Man in the middle can put himself in between because in 99,9% either mySQL/MariaDB or your app is checking the certs and the hosts. In Enterprise networks with Deep Packets Inspection Firewalls this is sometimes mandantory. You may use your fav search engine for words like fragrouter, dnsspoof, webmitm, ssldump or urlsnarf if you want to play around with MITM methods.
Interesting statement, so why you are using Open Source MariaDB, openSSL Libs and SSH then?
“Man in the middle” all admin people that are working at ionos as example? or Mr. Zuckerberg. 
typically both device need a certificate to trust each other.
means for TLS you need a authentication with certificate. (the link above with ssl enabled should do it)
because its free. 
just be aware of “sudo”, same for windows if you install something with Admin permissions.
[quote=462730:@Tomas Jakobs]FULL STOP!
Never ever connect directly to any database via Web, Never ever leave your database with open ports to the internet (MariaDB, Postgres, MSSQL whatever).[/quote]
In case you need proof…
ups, should not happen.
there are many security vulnerability and possibilities.
it could also happen with a indirect webservice.
Better read the licenses for them as they are NOT free for commercial use
If you want a truly free for any use database use PostregSQL
End do NOT expose you db directly to the internet
Put some service in between as then the service has to be hacked first
And that service can do a better job of hiding what DB is used
That information alone can be used to hack the DB itself as there are known vulnerabilities for most of them
Really useful info thanks.
Going back to my original question, i am trying to find a database service that will handle all the sync issues for me. Maybe something like Fireband or something else that will work with xojo.
I’m interested in this too…