I'm currently building out an application that stores user data in a database. Part of the specifications of the application dictates that the user should be able to access their data from anywhere, this includes phone based apps that I'm planning to write with HTML5 and port using one of the various HTML to app converters.
My issue here, is that since the data needs to be access from several devices, I'll need some sort of central database to store the information. I have no problem writing code to query the database, but the issue of how to handle it on the phone side is giving me a little trouble.
I've read before that it's unwise to embedded the database login credentials in each app, and this makes sense. However, then I'm not sure how I would need to go about adding the ability to connect to the databases.
I'm thinking about adding in some sort of database connection layer to my application. I'm thinking of having some sort of key added to the app itself, which is required by the database to connect. That way, the login credentials are only stored in one place, and on my server.
There are still some concerns with this approach in my mind.
Is this going to be a large performance issue; having to connect first to a script before querying the database and then having it perform some sort of check to send the data back to the user?
Is this really necessary and any more secure? How bad of an idea is to to directly code the database login into the app itself, and how much risk of any potential problems does this actually migrate?
When it comes down to it, I don't have much experience with this type of application, and I'm wondering if my idea is good enough to work, or if there is any other ways that are clearly better that I should look into.