How to Access Databases Securely from a Mobile Device

mobile, Security, wcf

I have been doing some research on accessing a DB from mobile devices. There are so many different ways of doing it. There are also multiple ways to make it secure. What is a good way to access a database from a mobile device securely?

Also, considering my specific case, where I have an existing WCF service which does everything I would need for the app, I would like to re-use it. I have been working on using JSONP calls to the service and developing apps for iOS, Android and Windows Phone. The calls are secured by HTTPS and I would be implementing some authentication policy for the calls. But how secure would all this be?

I have some really sensitive data to worry about. I am using HTML5 and JS for app development to keep it uniform and less difficult to manage for all platforms.

How do I access the database and keep my data secure?

Best Answer

You shouldn't be accessing any external database from a mobile device at all.

From the network's point of view, connection to a database should only be done within a local network where the connection is reliable and fast, which is something you will not get with mobile connections.

From the design point of view, exposing a database directly is simply a bad idea: not only is it too low-level, it will also be a nightmare when users are using different versions of your app and trying to do different things to your database. You should provide RESTful web services with an appropriately high-level API abstraction for your mobile app instead.
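
A sketch of the kind of narrow, versioned service layer the answer recommends, as an added example that is not part of the original answer. All names, tokens and records are constructed for illustration; `handleRequest` is a hypothetical entry point that an HTTPS server would call with the parsed request.

```javascript
// Added example: constructed data and hypothetical names throughout.
// Stand-in for the database. It is reachable only from server-side code.
const ACCOUNTS = [
  { id: 1, owner: 'alice', balance: 120, internalRiskScore: 7 },
  { id: 2, owner: 'bob', balance: 45, internalRiskScore: 2 },
];

// Tokens issued at login map to a user on the server (constructed values).
const SESSIONS = new Map([['token-alice', 'alice'], ['token-bob', 'bob']]);

// Identity comes from the token, never from a field the client supplies.
function authenticate(headers) {
  const m = /^Bearer (\S+)$/.exec(headers.authorization || '');
  return m ? SESSIONS.get(m[1]) || null : null;
}

// Rows are always scoped to the authenticated user.
const ownAccounts = (user) => ACCOUNTS.filter((a) => a.owner === user);

// Each API version exposes fixed operations with a fixed response shape,
// so old and new app builds keep working while the schema changes behind them.
const ROUTES = {
  'GET /v1/accounts': (user) =>
    ownAccounts(user).map(({ id, balance }) => ({ id, balance })),
  'GET /v2/accounts': (user) =>
    ownAccounts(user).map(({ id, balance }) => ({ id, balance, currency: 'USD' })),
};

function handleRequest(method, url, headers = {}) {
  const user = authenticate(headers);
  if (!user) return { status: 401, body: { error: 'unauthenticated' } };
  // Query-string parameters are dropped: the client cannot widen the query.
  const path = url.split('?')[0];
  const operation = ROUTES[`${method} ${path}`];
  if (!operation) return { status: 404, body: { error: 'unknown operation' } };
  return { status: 200, body: operation(user) };
}
```

The client never sends query text or chooses whose rows it reads, and internal columns such as `internalRiskScore` never leave the server.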
