Connecting to database (Best Practice)

J_K_JJ_K_J USMember

Hi, i'm new to xamarin and have a question about database connections.

As i understand it, xamarin has SQLite built in.
But what if you already have an SQL database with all your data. What is then best practice? I read that some just uses REST to request data?

Thanks! :smile:

Tagged:

Posts

  • DaveSmashDaveSmash USMember ✭✭

    Yes, I would recommend requesting your data from a RESTful web service, and have the web service query the database. There are several advantages to this.

    1) If you want to make changes to your queries for the sake of fixing bugs, doing performance tuning, or adding features, you can immediately push an update to the web service, and your end users will not have to update their app.

    2) It is a best practice to whitelist IP addresses that can access your database (for example, to use Azure's SQL databases, you must enter every IP address that will access the database - requests from other IP addresses will be denied.) Your web service will have one, predictable IP address, while your app might be on thousands of devices that each get new IP addresses all the time.

    3) You can make a more secure system this way. I am not a hacker, but I feel like storing things like SQL connection strings and passwords on a relatively vulnerable device like a user's phone is more dangerous than having it on your web server. Also, you can add additional security logic to your web service and patch security holes immediately (again, without your user having to update their app.)

  • J_K_JJ_K_J USMember

    @DaveSmash said:
    Yes, I would recommend requesting your data from a RESTful web service, and have the web service query the database. There are several advantages to this.

    1) If you want to make changes to your queries for the sake of fixing bugs, doing performance tuning, or adding features, you can immediately push an update to the web service, and your end users will not have to update their app.

    2) It is a best practice to whitelist IP addresses that can access your database (for example, to use Azure's SQL databases, you must enter every IP address that will access the database - requests from other IP addresses will be denied.) Your web service will have one, predictable IP address, while your app might be on thousands of devices that each get new IP addresses all the time.

    3) You can make a more secure system this way. I am not a hacker, but I feel like storing things like SQL connection strings and passwords on a relatively vulnerable device like a user's phone is more dangerous than having it on your web server. Also, you can add additional security logic to your web service and patch security holes immediately (again, without your user having to update their app.)

    Thanks for the really great answer DaveSmash!
    I see your point, and would prefer this solution myself as well.

    I think that this is what azure wants too, since they are giving you the mobile app option of downloading the runtime(backend) and frontend in two separate solutions.

    Have you tried doing it through azure mobile app?

  • DaveSmashDaveSmash USMember ✭✭

    @JannikKJ said:

    Thanks for the really great answer DaveSmash!
    I see your point, and would prefer this solution myself as well.

    I think that this is what azure wants too, since they are giving you the mobile app option of downloading the runtime(backend) and frontend in two separate solutions.

    Have you tried doing it through azure mobile app?

    I tried the mobile app service once (from Swift, not Xamarin), and was turned off by the EasyTables feature, which I believe is the "built-in SQLite" that you mentioned. I'm sure it's fine to learn on, but like you, I already had some SQL databases that I wanted to continue using, and I already have a comfort level with SQL Server, which is more of an enterprise-grade product.

    Instead, all of my web services are Azure Web Apps (not mobile apps) and use the normal Visual Studio ASP.Net MVC Web API template and a SQL Server database. If you are not familiar with Web API, basically you set up a controller for each object type or view that you want to support read/write operations on, and you have a function in each controller to support each verb (GET, POST, DELETE, etc) that you want to support. You can always add a Web API project to your current Xamarin solution if you want to use the same object model and classes from your PCL/shared project. Pushing to the cloud is as easy as right-clicking the project and clicking "Publish" (Azure lets you download the publish profile from their portal - the first time you will import that file using Visual Studio, and after that, it's a no-brainer.)

    Depending on your needs and skill set, I imagine that Azure Mobile Apps are a quicker and easier way to get started, and offer some additional useful features above and beyond just accessing a database, but if your goal is just to expose an existing SQL Server database, Web Apps are probably an easier way to do that in my opinion.

Sign In or Register to comment.