Best Practice for Back End Server Database

Designing a new app and I’d like to know what is the best method for accessing databases on a cloud server. The back end will most likely be AWS RDS Aurora MySQL (either server or serverless - but it doesn’t really matter what back end I use). I see two methods:

  1. The mobile device would directly issue SQL commands to the server from the mobile app. It would appear we would need an ODBC compliant library to run on the mobile app if using AWS RDS Server Database. If using the AWS RDS Serverless Database, then accessing the data directly from the mobile app would be some HTTPS calls using the AWS Data API.
  2. The mobile device would issue commands to an intermediate server that performs the SQL commands to the database server. This would be HTTPS calls to a RESTful service that would also have to be written. And it would be nice if that could be written in NSB JavaScript.

Suggestions of a different alternative or services welcome.

You wouldn’t want the ODBC compliant strategy as there are too many security holes. Most likely you’ll use a language like PHP to parse your request, validate your data, protect your query/insert from SQL injection, query the database and package and return the data to your app.
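
The steps listed in the reply above (validate the request, keep user input out of the SQL text, query, package the result), sketched as a Node.js-style HTTPS handler that builds an RDS Data API `ExecuteStatement` request. This is an added example, not code from the thread; the event shape, the `customers` table, the injected `execute` callback and the placeholder ARNs are assumptions.

```javascript
'use strict';

// Placeholders: real values come from your own AWS account.
const CONFIG = {
  resourceArn: 'arn:aws:rds:REGION:ACCOUNT_ID:cluster:PLACEHOLDER',
  secretArn: 'arn:aws:secretsmanager:REGION:ACCOUNT_ID:secret:PLACEHOLDER',
  database: 'appdb', // hypothetical database name
};

// 1. Validate: accept only the shape we expect, reject everything else.
function validateCustomerQuery(query) {
  const name = query && query.lastName;
  if (typeof name !== 'string' || !/^[\p{L} '-]{1,64}$/u.test(name)) {
    return { ok: false, error: 'lastName must be 1-64 letters' };
  }
  return { ok: true, lastName: name };
}

// 2. Parameterize: the SQL text is a constant; user input travels only as a
//    bound parameter (Data API ExecuteStatement uses :name placeholders).
function buildStatement(lastName) {
  return {
    ...CONFIG,
    sql: 'SELECT id, first_name, last_name FROM customers WHERE last_name = :lastName',
    parameters: [{ name: 'lastName', value: { stringValue: lastName } }],
  };
}

// 3. Query and package. `execute` is injected: in production it would wrap the
//    AWS SDK's ExecuteStatement call; a stub keeps this example offline.
async function handler(event, execute) {
  const checked = validateCustomerQuery(event.queryStringParameters);
  if (!checked.ok) {
    return { statusCode: 400, body: JSON.stringify({ error: checked.error }) };
  }
  try {
    const result = await execute(buildStatement(checked.lastName));
    return { statusCode: 200, body: JSON.stringify(result.records) };
  } catch (err) {
    // Do not echo database errors to the client; log them server-side.
    return { statusCode: 500, body: JSON.stringify({ error: 'internal error' }) };
  }
}
```

A name such as `O'Brien` passes validation and still cannot alter the statement, because the apostrophe is carried in `parameters` and never concatenated into `sql`.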

You shouldn’t send the database queries directly from your app to the database server. It’s a very insecure way of doing this. ‘Little Bobby Tables’ is now part of the computer lore:
(from XKCD)


I have not done this personally (yet!), but an interesting option for a server would be to use a Node server. It lets you do the server side programming in JavaScript.

You can get servers in the cloud preconfigured with Node, then add the modules you need for AWS RDS Serverless Database and other stuff.

And of course, if you’re really determined to use Java as your back end language you can always use Tomcat.

Bobby Tables, yes, completely missed the obvious.
This looks like one way to do it at AWS, if I read the article correctly. Do you agree? If so, I’ll try it out.

I checked with one of the guys here.

That article is actually listing 5 different ways to do it. I would probably use Lambda functions to start with as they have the lowest support bar and go from there.

Yes, there were 5. I chose Lambda with API Gateway. Spent 30 mins reading up on it and tutorials and another 15 making the first instance - that worked from a browser call. Very easy.
Do you suggest using Ajax calls or something else to do “GET”, “POST”, and other methods?