User Tag List

Results 1 to 9 of 9

Thread: Best way to read/write between HTML5 app and database?

  1. #1
    Clicker

    Fusion 2.5 MacFusion 2.5 DeveloperFusion 2.5+ DLCHTML5 Export ModuleiOS Export ModuleInstall Creator Pro
    Fusion 2.5 (Steam)Android Export Module (Steam)HTML5 Export Module (Steam)Universal Windows Platform Export Module (Steam)
    ratty's Avatar
    Join Date
    Apr 2012
    Posts
    1,165
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)

    Best way to read/write between HTML5 app and database?

    I have a GET system in place but it seems unnecessarily complicated. Is there a different way of modifying and reading specific user data from the database on the server?

  2. #2
    Clicker Fusion 2.5 DeveloperAndroid Export ModuleHTML5 Export ModuleiOS Export ModuleSWF Export ModuleXNA Export ModuleInstall Creator Pro
    SoftWarewolf's Avatar
    Join Date
    Jul 2006
    Location
    Norway
    Posts
    941
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    You really need to access a database with a server-side script for security reasons. You could do it with javascript and call functions with the html5 object, but this is extremely insecure as anyone can look at the code and get the password etc.
    So yeah, just do it with the Get object.

  3. #3
    Clicker

    Fusion 2.5 MacFusion 2.5 DeveloperFusion 2.5+ DLCHTML5 Export ModuleiOS Export ModuleInstall Creator Pro
    Fusion 2.5 (Steam)Android Export Module (Steam)HTML5 Export Module (Steam)Universal Windows Platform Export Module (Steam)
    ratty's Avatar
    Join Date
    Apr 2012
    Posts
    1,165
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)

    Best way to read/write between HTML5 app and database?

    Is there a method to handoff the data between two HTML5 apps or the app and a login page? Are the GET requests within an HTML5 app secure, or can they be listened in on?

  4. #4
    Clicker Fusion 2.5 DeveloperAndroid Export ModuleHTML5 Export ModuleiOS Export ModuleSWF Export ModuleXNA Export ModuleInstall Creator Pro
    SoftWarewolf's Avatar
    Join Date
    Jul 2006
    Location
    Norway
    Posts
    941
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    Get requests can be listened in on, the user can read the content both ways and make their own get requests. Generally you should never trust the client, which in this case is the whole html5 app exported from fusion.
    Should be easy to make a quick function to store data if you want to communicate with two apps on the same page, you can also use cookies, or to store data even more permanently you should use the get object and a database.

  5. #5
    Clicker

    Fusion 2.5 MacFusion 2.5 DeveloperFusion 2.5+ DLCHTML5 Export ModuleiOS Export ModuleInstall Creator Pro
    Fusion 2.5 (Steam)Android Export Module (Steam)HTML5 Export Module (Steam)Universal Windows Platform Export Module (Steam)
    ratty's Avatar
    Join Date
    Apr 2012
    Posts
    1,165
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)

    Best way to read/write between HTML5 app and database?

    I'm assuming the GET/database pairing is what I'm after. I'm just worried about people sniffing out the transmissions. If I have an SSL site, will that lock things down?

  6. #6
    Clicker Fusion 2.5 MacFusion 2.5 DeveloperFusion 2.5+ DLCAndroid Export ModuleHTML5 Export ModuleiOS Export ModuleUniversal Windows Platform Export ModuleSWF Export ModuleInstall Creator Pro
    Christian_Wheel's Avatar
    Join Date
    Mar 2010
    Location
    Los Angeles
    Posts
    371
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Https will stop people from sniffing the packets, but if the url and password is embedded in your source, it's obfuscated but still readable by your users.

  7. #7
    Clicker Fusion 2.5 DeveloperAndroid Export ModuleHTML5 Export ModuleiOS Export ModuleSWF Export ModuleXNA Export ModuleInstall Creator Pro
    SoftWarewolf's Avatar
    Join Date
    Jul 2006
    Location
    Norway
    Posts
    941
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    https makes communcation between the user and server secure by making sure nobody else is listening in between the two, but both the user and server have access to it. So the user/client could still sniff https, just not other ppl on the same network and isp's etc.

    anyway, the common thing to do is use a php script on the server, which handles request by the user and modifies the database. This layer is extremely important -> it's functional to do what you want to do, and also filters so the user can only do what you specifically allow them to do.
    (obviously any server side code is fine, such as nodejs, ruby, net or whatever.)

    when using sql make sure to clean your input: using pdo or something else that prepares your statements are enough. (just don't do "select/whatever $myvariable", do "select/whatever ?" and then add $myvariable after)

  8. #8
    Clicker

    Fusion 2.5 MacFusion 2.5 DeveloperFusion 2.5+ DLCHTML5 Export ModuleiOS Export ModuleInstall Creator Pro
    Fusion 2.5 (Steam)Android Export Module (Steam)HTML5 Export Module (Steam)Universal Windows Platform Export Module (Steam)
    ratty's Avatar
    Join Date
    Apr 2012
    Posts
    1,165
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    I'm going to hire out for this process since I know so little about it and want everything to be secure. In the end, are these two practices safe:

    1. Send strings to the sql database via GET/POST commands from within my HTML5 app?
    2. Include the login process within the actual HTML5 app, which means the app is technically accessible by anyone. Is it breakable to do this or should the app be hidden behind a login?

    This is my first forest into hosting a paid app so I'm learning a lot. I appreciate all the guidance on security that I can get.

  9. #9
    Clicker

    Fusion 2.5 MacFusion 2.5 DeveloperFusion 2.5+ DLCHTML5 Export ModuleiOS Export ModuleInstall Creator Pro
    Fusion 2.5 (Steam)Android Export Module (Steam)HTML5 Export Module (Steam)Universal Windows Platform Export Module (Steam)
    ratty's Avatar
    Join Date
    Apr 2012
    Posts
    1,165
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    I'll elaborate by providing some details of my application. It's an education app I'm hoping to have used mostly in schools but also by some individuals. The user must purchase a subscription which will create a license for them. Upon logging in, their credentials will be verified, ensuring their license is active and not expired. Throughout using the program, their settings/data will be saved and loaded from the database. Their will also be a separate teacher login which reads the same data within a webpage.

    It's easy enough to have a constant check if their license is active for the program to run, but if the code is all openly visible it would be easy for someone to spoof everything or possible compromise the whole system.

Similar Threads

  1. read/write an ini
    By arthurh in forum Android Export Module Version 2.0
    Replies: 9
    Last Post: 28th May 2013, 08:08 AM
  2. How to read/write to an HTM file from an applet
    By mobichan in forum Multimedia Fusion 2 - Technical Support
    Replies: 0
    Last Post: 18th November 2009, 11:41 PM
  3. Write and read 2 values at a time from array.
    By Popcorn in forum File Archive
    Replies: 0
    Last Post: 1st April 2008, 01:09 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •