1

I'm currently writing an application for the iPhone, and I need to retrieve data from a MySQL database that is remotely hosted.

I have decided to use PHP to be my "middle man", retrieving the data from SQL, and parsing it to XML.

I will host the PHP file at the same domain as my MySQL server, and call to it in Objective-C. Example: http://backend.foobar.com/retrieve.php

My question is, are there any security issues retrieving information in this way?

I am not transmitting any sensitive data; I'm just thinking about database integrity, etc.

Thanks guys!

1 Answer

3

If it's just to retrieve data, then create a user in MySQL who only has SELECT privileges on the database/tables you'd be accessing remotely. That would preclude anyone doing some SQL injection attacks and trying to drop or otherwise manipulate the database - they simply would not have the rights to make any changes.

If your app needs read/write permissions, then you've got a lot of work to do - sanitization of inputs, proper query construction (e.g. using PDO) to prevent injection attacks, etc...


1 Comment

My app will only need to read from the database. Thanks for your help, I will look into making a user in MySQL who only has SELECT privileges.
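
The two measures the answer names, a SELECT-only MySQL account and PDO parameter binding, combined in one read-only endpoint; this is an added example, not code from the question or the answer. The database `appdb`, table `items`, account `app_ro`, request parameter `category` and environment variable `DB_RO_PASS` are assumed names.

```php
<?php
declare(strict_types=1);
// One-time setup by a MySQL admin (assumed names; SELECT only, on one table):
//   CREATE USER 'app_ro'@'localhost' IDENTIFIED BY '<placeholder-password>';
//   GRANT SELECT ON appdb.items TO 'app_ro'@'localhost';

function openReadOnly(): PDO
{
    return new PDO('mysql:host=localhost;dbname=appdb;charset=utf8mb4', 'app_ro',
        getenv('DB_RO_PASS') ?: '', [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,   // use server-side prepared statements
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]);
}

function itemsAsXml(PDO $db, string $category): string
{
    // The request value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, name FROM items WHERE category = ? ORDER BY id LIMIT 100');
    $stmt->execute([$category]);

    $xml = new XMLWriter();
    $xml->openMemory();
    $xml->startDocument('1.0', 'UTF-8');
    $xml->startElement('items');
    foreach ($stmt as $row) {
        $xml->startElement('item');
        $xml->writeAttribute('id', (string) $row['id']);
        $xml->text((string) $row['name']);   // XMLWriter escapes <, > and &
        $xml->endElement();
    }
    $xml->endElement();
    $xml->endDocument();
    return $xml->outputMemory();
}

try {
    $category = $_GET['category'] ?? '';
    if (!is_string($category) || $category === '' || strlen($category) > 64) {
        http_response_code(400);   // reject arrays, empty and oversized values
        exit;
    }
    $body = itemsAsXml(openReadOnly(), $category);
    header('Content-Type: application/xml; charset=utf-8');
    echo $body;
} catch (PDOException $e) {
    error_log($e->getMessage());   // details go to the server log, not to the client
    http_response_code(500);
}
```

Running `SHOW GRANTS FOR 'app_ro'@'localhost';` as an admin confirms the account holds nothing beyond `SELECT` on the one table.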
