If I use SSL connection for my iphone app to query the database using web as the datasource, is it possible that the links and info that goes back and forth from the server to iphone will be encrypted in a way that nobody could see it. Additionally, i believe that the iPhone caches info, the web interface can cache data going to and from the device.
By another person i was told this:
SSL is only the transfer, what the app uses on the device is not encrypted just because what is transferred is. If the app uses no cache and you use SSL, you could be safe, the simple fact is that almost all apps cache data prior to transmitting it. Therefore, you would have unencrypted data on your device.
So what are my options if i want to build an app that uses the web as the datasource, stores nothing on the app, and uses no cache. I want all data coming from and to to be encrypted.
At some point, you're going to receive data from a server. That data needs to be put somewhere, like in a data buffer. There's absolutely no way around that. If you're using SSL then the transfer process will be encrypted. As your "other person" said, as long as you don't explicitly cache the data, then that's about as much as you can do to protect yourself on iOS.
I'm not sure exactly what you're expecting here, otherwise.
None. To do anything except transferring the data, you need to have it decrypted. If it is decrypted it will be in the RAM of your device. How secure that is depends on the application. In theory there are some operations that can be performed on encrypted data, but in practice this is only useful for a handful of applications (and it's a hard thing to develop).