[OWASP-Ireland] Secure application development in Mobile apps

Eoin.Keary at allianz.ie Eoin.Keary at allianz.ie
Mon Jul 25 10:56:21 EDT 2005


Sure thing.... 

There is potential for developer mistake in a fat client, things like:

Storage of private/secret key in code (hardcoded)
Storage of password (hardcoded)
Absolute paths for server or client.
Development accounts or trapdoors (Debug) which are commented out, but may 
be still valid!

Stuff like that.....when decompiled would be handy.














Eoin Keary
Contractor
Allianz Ireland
IT Security (Tech Admin)
Security Projects Division
Dir: + 353-1-613-3490
Mob: + 353-87-904-1922
Mailto:eoin.keary at allianz.ie
Ph  01 6133490




"John Marmelstein" <john at strongpoint.ie> 
Sent by: owasp-ireland-admin at lists.sourceforge.net
07/25/2005 01:36 PM
Please respond to
john at strongpoint.ie


To
OWASP-Ireland at lists.sourceforge.net
cc

Subject
RE: [OWASP-Ireland] Secure application development in Mobile apps







I'd suggest that a major risk from a fat client is a badly-implemented
official version of the client, as opposed to some hacked one, as the
article discusses. There's nothing inherently wrong with using a fat
client, as long as all communication goes via some secure channel. But,
a development error could break that principle. 

With a thin client (ideally pure, basic html) you have the browser's
pretty well accepted security available. This generic security
implementation is most likely better than any custom implementation.
Granted some custom code might also be needed, but the less of it (and
the more isolated) the better! 
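
The four developer mistakes listed in the reply at the top of this message (hardcoded keys, hardcoded passwords, absolute paths, commented-out debug accounts) can be checked for in a pre-release source review. The scanner below is an added example, not code from either poster; the rule names, regexes and the Java-like sample are constructed assumptions.

```python
import re

# Constructed sample of fat-client source (Java-like); not from a real application.
SAMPLE = r'''public class SyncClient {
    private static final String AES_KEY = "0123456789abcdef0123456789abcdef";
    String password = "Summer2005!";
    String cfg = "C:\\Program Files\\Acme\\sync.ini";
    // login("devadmin", "devpass");  // debug account
    String user = prompt("User name");
}
'''

# Heuristic patterns, one per item in the list; names and regexes are assumptions.
RULES = [
    ("hardcoded-key", re.compile(r'(?i)\b\w*(key|secret)\w*\s*=\s*"[^"]{8,}"')),
    ("hardcoded-password", re.compile(r'(?i)\b\w*(passw(or)?d|pwd)\w*\s*=\s*"[^"]+"')),
    ("absolute-path", re.compile(r'"(?:[A-Za-z]:\\+|/(?:home|opt|usr|var|etc)/)[^"]*"')),
    ("commented-debug-code",
     re.compile(r'(?i)^\s*(//|/\*|\*|#).*\b(login|debug|backdoor|trapdoor)\b.*[;(]')),
]


def scan(source):
    """Return (line_number, rule_name, text) for every line a rule flags."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        for name, pattern in RULES:
            if not pattern.search(line):
                continue
            # Keep literal credentials out of the review report itself;
            # paths are shown as-is because the path is the finding.
            shown = line if name == "absolute-path" else re.sub(r'"[^"]*"', '"<redacted>"', line)
            findings.append((number, name, shown.strip()))
    return findings


if __name__ == "__main__":
    for number, name, text in scan(SAMPLE):
        print(f"line {number}: {name}: {text}")
```

Each finding still needs a human decision: a flagged credential should be rotated as well as removed, since it may remain valid on the server after the line is deleted.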




