CHAPTER 18
Protecting Network Data
MIDlets are undeniably cool—providing Java code that runs on a small device and HTTP
network connectivity as well. But once you start thinking about the possibilities, you realize
that a lot of applications just aren't possible without some form of data security. What if you
were going to buy something? You shouldn't send credit card numbers over the Internet without
some kind of protection, and you shouldn't send sensitive corporate information over the Internet
to small devices. Many applications, then, need something else—something that keeps sensitive
data from being stolen. The answer in the MIDP world is no different than the answer anywhere
else: cryptography.
Cryptography Review
Cryptography is a branch of mathematics. It's based on the idea that certain kinds of
mathematical problems are hard to solve. Using cryptography is a bit speculative; as research in
mathematics continues, it's very possible that someone will discover a way to solve (or “break”)
most of the modern cryptographic algorithms. Nevertheless, for today at least, cryptography
provides protection for sensitive data, and there aren't many acceptable alternatives in the
everything-connects-to-everything modern world.
The Internet Is a Big Room
There are many aspects to the security of a system. We'll focus on the data your MIDlet sends
and receives over the network. This data travels over some infrastructure most know nothing
about (provided by your mobile carrier) and probably over the Internet, as well. The Internet is
definitely not a secure network, and your carrier's mobile infrastructure probably isn't either.
If you're passing sensitive data around, it's very possible that eavesdroppers at various points
in the network can listen in on the data. They may even be able to change parts of it. If your
MIDP application involves passing around credit card numbers or sensitive corporate data,
you should be concerned.
Think of the Internet as a big room. You can talk to anyone else in the room, but everyone
else can listen in on the conversation. Furthermore, you may be talking to someone on the
other side of the room through intermediaries, like the children's game of “telephone.” Any
one of the intermediaries might be changing the conversation, and they can all hear what
you're saying.