Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Secure Applications

 
Luis Valle
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All:
If you want to access to a corporate database to obtain several confidential data, you usually have to give your user name and a password. If you want to develop a J2ME client to access this kind of information, how could you do that?. With HTTP, if you send your user name and password, the information is sent by an unsecure channel. Is there any possibility of handling this kind of data in J2ME? How could you do a secure authentification process if you have a J2ME client, like a Kjava phone?
Thanks a lot!
Best Regards, Luis ´┐Żngel.
 
Mark Herschberg
Sheriff
Posts: 6037
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Only hhtp needs to be supported. MIDP vendors might also choose to implement https, but I doubt it. You will probably have to provide your own encryption. I don't know of any encryption packages that run on J2ME yet (I do know plenty of open source sites which would love to get help porting :-)
Alternatively, if you just support a hash function, you can prove your identity using a nonce. Basically, the server sends a random message, the client hashes the message using the message, username, and password. Of course, this still vulnerable to some types of attacks, and data sent over the wire won't be encrypted either.
--Mark
hershey@vaultus.com
 
Eric Giguere
Ranch Hand
Posts: 170
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HTTP is the only portable choice. However, don't forget that on wireless devices HTTP is generally going to be simulated and the lower-level network may actually already have some degree of encryption.
And if you're looking for encryption for J2ME, go to http://www.bouncycastle.org for some code.

------------------
Eric Giguere
author of:
Java 2 Micro Edition : A Professional Developer's Guide
PalmTM Database Programming: The Complete Developer's Guide
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic