• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Secure Applications

 
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All:
If you want to access to a corporate database to obtain several confidential data, you usually have to give your user name and a password. If you want to develop a J2ME client to access this kind of information, how could you do that?. With HTTP, if you send your user name and password, the information is sent by an unsecure channel. Is there any possibility of handling this kind of data in J2ME? How could you do a secure authentification process if you have a J2ME client, like a Kjava phone?
Thanks a lot!
Best Regards, Luis �ngel.
 
Author
Posts: 6055
8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Only hhtp needs to be supported. MIDP vendors might also choose to implement https, but I doubt it. You will probably have to provide your own encryption. I don't know of any encryption packages that run on J2ME yet (I do know plenty of open source sites which would love to get help porting :-)
Alternatively, if you just support a hash function, you can prove your identity using a nonce. Basically, the server sends a random message, the client hashes the message using the message, username, and password. Of course, this still vulnerable to some types of attacks, and data sent over the wire won't be encrypted either.
--Mark
hershey@vaultus.com
 
Ranch Hand
Posts: 170
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
HTTP is the only portable choice. However, don't forget that on wireless devices HTTP is generally going to be simulated and the lower-level network may actually already have some degree of encryption.
And if you're looking for encryption for J2ME, go to http://www.bouncycastle.org for some code.

------------------
Eric Giguere
author of:
Java 2 Micro Edition : A Professional Developer's Guide
PalmTM Database Programming: The Complete Developer's Guide
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic