Android App to get and post data from SQL Server (security concern)

I am a newbie and I've read many topics related to my question, but I still have a 开发者_如何转开发few questions in mind for which I need your assistance. Any kind of information would be helpful.

My application: I have a web site to sell tickets and an app to sell the tickets both should access the same database (centralized Windows server).

I read many topics related to my question and understood, using jTDS would be the best idea for my requirements. But after reading the following topics, I am little bit confused whether I am moving in the right direction or not. So please help to find the right direction.

using an Android app to post entries to SQL Server

How can I use external JARs in an Android project?

My questions are:

1. Which is the best way to access SQL server from both my app and website?
2. What kind of security issues do I have to consider? As my app will be used worldwide, do I have to take a special care for security?

Any tutorial or advice will be appreciated.

You must run a webservice based on the REST or SOA to do that. REST is lightweight. I don't recommend using a JDBC connection. I am not sure jTDS would work on Android. If you are about to deploy a webservice you have to look after authentication and SQL injection.

Use a WebService to talk to the database, and the Android app will talk to the WebService. You don't want the clients to talk directly to the database. In the WebService you can do any authentication/security checks that you want. If you use stored procedures in your WebService, you don't have to worry about SQL Injection.