Last post Oct 01, 2018 05:55 AM by Nan Yu
Sep 29, 2018 07:20 PM|sdyson31
I have been using Microsoft Sync Framework to sync data between two locations, and that sync framework is not supported by Microsoft anymore. For the new project, the new requirements are to have something else which can be used to read data from the production database and then insert it into the local database.
I have been thinking about writing an API which will sit between the desktop application and the production database. The call to the API method will be part of our normal sync process, which will read data from one table in the production db and then insert it into a local table. The Web API will be published to our server, which is on the network, and the local database will be outside our network.
1- What kind of security do I need to implement when reading data from the API? Data will be in encrypted format. Is there any need to implement token-based authentication?
2- Is there any better technique than an API?
Sep 29, 2018 08:00 PM|DA924
SSSB, if you are using MS SQL Server: it can communicate with database engines, database engine to database engine, on the LAN or WAN; even MS SQL Express has SSSB. You can also use VB or C# .NET, since SSSB works with the CLR.
Oct 01, 2018 05:55 AM|Nan Yu
Token-based authentication is more secure, more reliable and makes your system loosely coupled. It will be a better choice to create a REST API using token-based authentication if your API reaches a broad range of devices like mobiles, tablets and
Tokens are uniquely generated per application and site. If someone steals a token, they have not stolen your password, and that token is good for that session only.
In token-based authentication, you pass your credentials [user name and password], which go to the authentication server. The server verifies your credentials and, if it is a valid user, it will return a signed token (can access your database) to the client system, which has an expiration time. The client can store this token locally using any mechanism like local storage, session storage etc., and if the client makes any other call to the server for data, it does not need to pass its credentials every time. The client can directly pass the token to the server, which will be validated by the server, and if the token is valid then you will be able to access your data.
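
The issue-then-validate flow described in the reply above, as an added example that is not part of the original posts: the server signs a user name and expiry with HMAC-SHA256 and later rejects any token that is malformed, altered or expired. The `SyncToken` class, the three-part token layout and the demo key are assumptions made for illustration; `CryptographicOperations.FixedTimeEquals` requires .NET Core 2.1 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SyncToken
{
    // Constructed demo key (assumption); a real service loads a random secret from protected configuration.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("demo-only-signing-key-0123456789");

    static string Sign(string payload)
    {
        using (var hmac = new HMACSHA256(Key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }

    // Authentication server: call only after the user name and password have been verified.
    public static string Issue(string user, TimeSpan lifetime, DateTimeOffset now)
    {
        string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(user)) + "." + now.Add(lifetime).ToUnixTimeSeconds();
        return payload + "." + Sign(payload);
    }

    // API server: returns the user name, or null when the token is malformed, altered or expired.
    public static string Validate(string token, DateTimeOffset now)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 3) return null;
        byte[] expected = Encoding.UTF8.GetBytes(Sign(parts[0] + "." + parts[1]));
        byte[] supplied = Encoding.UTF8.GetBytes(parts[2]);
        // Constant-time comparison, so response timing does not leak how much of the signature matched.
        if (!CryptographicOperations.FixedTimeEquals(expected, supplied)) return null;
        if (!long.TryParse(parts[1], out long expires) || now.ToUnixTimeSeconds() >= expires) return null;
        return Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
    }
}

static class Program
{
    static void Main()
    {
        var now = DateTimeOffset.UtcNow;
        string token = SyncToken.Issue("sync-client", TimeSpan.FromMinutes(15), now);
        Console.WriteLine(SyncToken.Validate(token, now) ?? "rejected");                // token inside its lifetime
        Console.WriteLine(SyncToken.Validate(token, now.AddMinutes(16)) ?? "rejected"); // same token after expiry
        string forged = Convert.ToBase64String(Encoding.UTF8.GetBytes("admin")) + token.Substring(token.IndexOf('.'));
        Console.WriteLine(SyncToken.Validate(forged, now) ?? "rejected");               // user swapped, not re-signed
    }
}
```

The signature is checked before the expiry field is parsed, so no attacker-controlled value is interpreted until the token is known to be authentic.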