I want to develop app for viewing newspaper/magazine using Titanium Appcelerator, and I have a problem how to store data on phone that user can't access it other way than by app ? what format should that data have (blob, pdf, plain text) ? should they be stored in db, or as a files ? Can You post your suggestions below, please ?
In Titanium you have several options to store data. First you should check the data you get as input. Is it JSON or PDF or plain text or whatever.
Following options are available:
- store data using integrated databases (SQLite) - this might be appropriate when your input data is plain text or json that can converted to text or something like that. You can also store blob data in database if you want.
- store data using file system: on both iOS and Android (not mobileweb i think) you can store data persistent on the file storage. This is useful if your input data is a binary file (pdf or similar).
However in both cases the user is able and not able to read data.
- iOS: The User will be able to read documents persisted on the filesystem and maybe also data located in the database
- Android: i think on android this depends on whether the device has root access or not and where you store that data (within app folders or in external / internal but free accessible storage)
In both cases it's not easy to access this data. Usually a common user won't do that. For a professional user reading this data should be easy. So how can you secure this data, so that the user is not able to read it?
Either you store the data encrypted in a database (database encryption is not available in titanium by default so you need to use a module or encrypt data on your own) or you store it encrypted (this is also up to you - there is no ready-to-use method) on the filesystem.
In my opinion the first solution is the better one. I would do the following:
- get data (from the server or elsewhere, data type doesn't matter)
- convert to base64 (useful & required for binary files but also for plain text)
- encrypt base64 with an encryption algorithm of your choice
- store in database
because this can require much memory you should provide the option to remove this data to save space.
Related
I want to upload image from my Angular application to .net core api, because I want to save it in SQL database.
To do this I adding image via:
<input type="file" accept="image/png, image/jpeg">
And I have object type of File
I found this tutorial for API which says that my property in backend should looks:
public byte[] ImageData { get; set; }
But I'm not quite sure how am I suppose to convert it to that type before I'll send it to API. Any idea?
I have one advice for you before you implement your solution
Storing files in Database is not best practice. Your database can become huge and serving those files could become costly to your code.
Instead, you can store those files as static to serve more efficiently. It’s a simple process, just save the metadata (size, file, type, etc) of those files, and store the path to serve after.
For more information, read here.
Or follow these steps:
Convert binary to base64 on your javascript client (how to).
Send base64 string on your body request
In your Endpoint get the data and store in your database as String
You can use a storage to upload your files/images, it should provide a URL for this media file, and you can store this URL in the SQL database.
Please follow this link for better understanding assuming you will use firebase storage, but you can use any storage provider or build your own.
Is there a way to use javascript or ajax to encrypt file uploads, if so can you give me an example or link to working example?
The answer is Yes, there is a way to use javascript or ajax to encrypt file uploads. You can use standard Web APIs that have built-in native support in browsers: Use the standard File API and WebCrypto API to get the file from your filesystem and actually encrypt it—along with the Indexed Database API (indexedDB) (if you want) to store the encrypted file on the client side in the browser. A good simple example with working code is at Upload a file, encrypt it, calculate the hash and store the results using indexedDB.
Short summary of how to do it
The first step is just the normal step of creating an input type=file element in your HTML, and binding a function to it for getting the file from your filesystem and doing something with it; e.g., use onsubmit="my_file_handler".
After that, inside your my_file_handler (or whatever name) function:
Use .files[…] from that to get the input file(s).
Define a function that takes a cryptographic key; within that function:
create a new FileReader object and use, e.g., .readAsArrayBuffer(…) to load the file
use crypto.subtle to create a new SubtleCrypto object
use .digest(…) with that SubtleCrypto object and then crypto.subtle.encrypt(…) to actually encrypt the file with that key
use indexedDB.open(…) and friends to open a connection to a DB and to put the encrypted file into it.
Use .importKey(…) to get the key and call your function in step #2 on it to process the input file with it and store it using indexedDB.
Use an HTTPS URL to upload the files and the browser will encrypt the data for transit automatically.
(This assumes you want to protect the file in transit and not that you are trying to protect the file from people with admin rights on the server)
I am making an application that will store a Azure SQL server DB user information, including profile photo downloaded from Facebook. On the server side, ASP.NET MVC4'll have a controller that will receive the information and send it to the database.
The client side is Javascript and thought to give the image in json (once converted to base64). Is it a good option? Is it better to directly send the jpg? What are the advantages of sending information in json?
In SQL Server image field would be stored as a nvarchar (max)
Are you going to return the image as a binary stream content type image/jpeg or as a text stream encoded base64? Is far more likely that you're going to do the former, so there is little reason to go through an intermediate base64 encoded transfer. And of course, store them as VARBINARY(MAX). Even if you would choose to store them as base64, choosing an Unicode data type for base64 text is really wasteful, (double the storage cost for no reason...), base64 can fit very well in VARCHAR(max).
But, specially in a SQL Azure environemnt, you should consider storing media in Azure BLOB storage and store only the Blob path in your database.
In my opinion, it's better sending the image directly in .jpg using Multipart Forms or something like that.
Sending information in Json is useful when you transfer explicit data, like collections or objects that you will be able to query or de-serialize later.
The client side is Javascript and thought to give the image in json (once converted to base64). Is it a good option?
As Pasrus pointed out, you are not going to manipulate the image data. So JSON does not seems to be a good choice here.
One option is, you can add the base64 data into src attribute in html tag and send it.
What are the advantages of sending information in json?
Please check this answers and there are so many:
Advantages of using application/json over text/plain?
In SQL Server image field would be stored as a nvarchar (max)
Please refer this link:
Storing images in SQL Server?
I'm building an ASPX website that should allow the user to download a CSV/Excel file (including the 'Save To' dialog). The CSV contains encrypted data - the decryption key is available at user side and should be kept secret against the webservice.
So decryption actually should be performed within the browser, a javascript implementation (sjcl) has proofed to work fine.
But how can the incoming datastream during a file download be influenced? Something like a browser hosted proxy performing the javascript decryption?
#closure: thanks a lot! Ajax is no problem, and the idea
<a href='data:application/csv;base64,aGVsbG87d29ybGQNCg=='>click</a>
is really cool, but it has two problems: it seems not work with IE and it is not the right approach for really huge tables. The solution should be able to handle many thousands of records, therefore we need some sort of download stream encoder/decrypter.
Here are the steps to achieve this:
Instead of downloading the CSV directly to the client machine, fetch it via ajax
Once the data is received in via Ajax, parse the CSV via many available functions on internet. Let me know, if you need help on this. This function will convert the CSV to native Javascript Arrays.
Walk through the Array and covert the encrypted data to unencrypted data. Do it natively in the same Array.
Convert the array to CSV (Again there are functions in public domain)
Make a link (a element) and set the href to local data like data:text/csv;charset=utf-8, + encodeURIComponent(csv)
Present this link to the user and ask him to click on it to save the file locally.
Where are the data stored in local storage? Is it in form of some text or ASCII format or some other? Is it possible to store JSON data in text files (which can be regularly) updated and retrieve them back? I want to store some JSON data but since my requirement is not so big, I want to abstain from using a database for now.
Local storage can only store strings (any data you might have, have to be converted to string upon saving in storage and "revived" upon reading from it).
JSON data is more than fine to be stored as a string so it is good choice of format for keeping complex data in browser storage (either local storage or session storage).
You can learn more about storage here: http://diveintohtml5.info/storage.html
As to where the data is being stored, I imagine it varies from browser to browser but you don't have to worry about where is the data, since you don't have any direct access to it (only through storage API).
Edit: Quick note - I've found this article stating where is storage data stored by Firefox - https://developer.mozilla.org/en/DOM/Storage (see section "Storage location and clearing the data" at the bottom of the page).
I wrote a tiny script to allow storage, and reading of arrays, strings, and objects into local storage. IT even lets you modify nested keys within the objects you store. Here is a link to the tiny script. https://github.com/andresgallo/truStorage/blob/master/truStorage.js
Getting:
const got = JSON.parse(localStorage.getItem('my-key'));
Setting:
localStorage.setItem('my-key', JSON.stringify({ a: 'A' }));