Chapter 13: Wireless Device Security

Overview

• Defining .NET Compact Framework Security Issues

• Developing Wireless Programs That Work in Two Environments

• Understanding the Effects of Security Policy on Mobile Applications

• Understanding Component Calling Limitations

• Working with the Simple System.Web.Security Namespace

Wireless devices have stirred more than a little controversy in the workplace. Some people are addicted to their gadgets; others find them a nuisance that makes any thought of freedom a pipe dream (your boss can now find you anywhere that provides the proper connection). Corporations currently question the viability of using wireless solutions in some areas, but try to implement the solutions anyway to avoid losing a perceived technical advantage. The computer industry is already questioning the viability of some wireless businesses such as Wi-Fi hotspots (see the InfoWorld article at http://www.infoworld.com/article/03/06/02/HNwifistudy_1.html). Many developers look at wireless as a source of extra work. Network administrators view wireless as the biggest security hole in the organization and a source of support headaches.

What you do get out of this chapter is information about what the .NET Compact Framework can do for you. The .NET Compact Framework is a smaller version of the .NET Framework that Microsoft designed especially to meet the needs of certain mobile devices such as the Pocket PC. You might be surprised to learn that many of the security features discussed for the .NET Framework in this book also work with the .NET Compact Framework. The help files supplied with Visual Studio .NET clearly mark the functionality that works in both environments. I’ll be sure to discuss some of the more important crossovers, but be sure to check other elements as you need them.

The chapter does discuss a few configuration issues you need to consider as part of the development for your application. First, you need to identify the environment in which the application will operate correctly. An application designed specifically for the Pocket PC that doesn’t rely on a Web connection is always more secure than a Web application designed for a number of platforms. Second, you need to consider the effect of security policies on your application. There’s a chance that a security policy that looks fine for desktop applications will leave large holes when used for Web-based applications, especially those that work with wireless devices.

The next section of the chapter discusses a few additional precautions you need to consider when using your components with wireless applications. In some cases, you can resolve the problems by using a few additional roles. However, in other cases, you might decide that the risk is too high and not make the functionality provided by the component available to wireless devices.

Finally, the chapter discusses the System.Web.Security namespace. This namespace contains a few classes that are especially important to wireless device developers that rely on Web-based applications. Sometimes the best solution to a problem is to ensure that you lock things down at both ends and assume that someone will try to listen in. Wireless devices transmit their data into open air—they’re inherently nonsecure devices.