482 Appendix • Webmaster’s Guide to the Wireless Internet Fast Track Optimizing Content Distribution ; Regardless of the technical issues of how you manage your content, take a critical look at your current Web site and consider what you want to pro- vide to your wireless users. ; It is possible to automatically format existing sites, but with dubious results. ; WAP sites may be set up with the same flexibility as Web sites. Delivering Wireless Data ; Mobile users are more often in need of data rather than content. ; It is important to separate content from presentation for data applications. ; Build modules that enable device profiling and accordingly allow for dif- ferent presentations of dynamic data from the same source. Implementing Wireless Graphics ; Several different formats are supported, including common Web formats for some devices. ; Ensure accessibility by using <ALT> tags on all images, and conserve band- width by only using graphics when necessary. ; Online and desktop converters are available to automatically convert your existing images. ❖ Chapter 9: Microsoft Mobile Internet Toolkit Overview of the .NET Mobile Architecture ; The Mobile Internet Toolkit is built on the Microsoft ASP.NET Web Forms and supports languages like VB .NET, C#, and JScript.NET. It is an exten- sion to the ASP.NET model. ; The toolkit includes a set of Mobile Controls that is executed by the Mobile Internet Controls runtime during the execution phase. www.syngress.com Chapter 8 Continued 159_wg_wi_AppFT 10/23/01 2:42 PM Page 482 Webmaster’s Guide to the Wireless Internet Fast Track • Appendix 483 ; The key feature of the runtime is its ability to recognize the different types of devices accessing the forms and to generate dynamically the codes that the device can understand. ; The current release of the Microsoft Mobile Internet Toolkit is Beta 2. Before installing the Microsoft Mobile Internet Toolkit, you must first install the .NET framework SDK. Introduction to ASP.NET ; Current ASP technology contains a mixture of HTML and scripting codes and does not provide a clean separation of display from content, which often results in bugs and difficulties. ; HTTP is a stateless protocol. Preserving state in ASP requires substantial effort by the developer. ; In ASP.NET, normal HTML elements are converted to HTML Server con- trols so that they can be programmed on the server. Besides the HTML Server controls,ASP.NET provides a different set of server controls known as ASP.NET server controls. ; A Web Form in ASP.NET contains two components: Code and Content. ; The Content component of a Web Form can contain Web Form Server controls.Web Form Server controls contain the HTML Server control, ASP.NET Server control,Validation controls, and User controls. ; One important difference between ASP.NET and ASP is that ASP.NET applications are parsed and compiled once and then cached, so that subse- quent requests do not go through the same time-consuming steps. Developing Mobile Web Forms ; During runtime when the form is requested, the .NET runtime automati- cally will detect the type of devices (our examples use Pocket PC, IE 5.5 and UP.SDK) requesting that page, and will perform a dynamic generation of the target markup languages. Unlike WAP applications developed using WML and ASP, the same ASP.NET application can be displayed on different devices, with no effort on your part for customization. www.syngress.com Chapter 8 Continued 159_wg_wi_AppFT 10/23/01 2:42 PM Page 483 484 Appendix • Webmaster’s Guide to the Wireless Internet Fast Track ; In ASP.NET pages, there can be only a single form; however, you can have multiple mobile forms in a Mobile Web form.To link the two forms, you use the <Mobile:Link> control.The navigateURL attribute contains the ID of the form to link to. ; Linking to forms on another page is not so straightforward.The form in the first page links to the second page by specifying the filename in the navigateURL attribute. Subsequent steps involve adding another parameter called Form, retrieving its value using the Request.QueryString collection, ver- ifying the form ID in that value, and using the ActiveForm property to set and return the active page. ; The Microsoft Mobile Internet Toolkit supports user input controls TextBox, Command, and List. ; To input text into a Mobile Web Form, use the <Mobile:TextBox> control. To display a command button so that an action can be performed, use the <Mobile:Command> control.To display lists of items either as a static list or interactive selection, use the <Mobile:List> control.You can also dynamically bind a list of items using the ArrayList class. ; To display images, you can use the <Mobile:Image> control. Because various mobile devices display images of differing format, use the <DeviceSpecific> control (within which are the <Choice> elements) to send the correct image type to the right device. ; Validation controls available in the Microsoft Mobile Internet Toolkit SDK include CompareValidator, CustomValidator, RangeValidator, RegularExpressionValidator, RequiredFieldValidator, and ValidationSummary. ; Other features of the Mobile API are its records paging capability, using the Paginate attribute, and also its Calendar control for date selection. Accessing Data with ADO.NET ; Developers are familiar with using the ActiveX Data Objects (ADO) for accessing databases through OLE DB and ODBC.ADO.NET was evolved to support the need for remote data access. ; In ADO, communication with the data source is through the OLE DB providers. In ADO.NET, the communication is through Data providers. www.syngress.com Chapter 9 Continued 159_wg_wi_AppFT 10/23/01 2:42 PM Page 484 Webmaster’s Guide to the Wireless Internet Fast Track • Appendix 485 ADO.NET contains two data providers—SQL Data providers and OLEDB Data providers. ; It is possible to use OLEDB Data provider even if you are using SQL server. ; ADO.NET provides the DataReader for retrieving records as a read-only, forward-only stream returned from the database for display on the client side.The DataReader stores only a single record in memory at any one time to prevent storing a huge number of records in memory. ; The more powerful Dataset object is used to access different tables in the database.The requested data can be retrieved, saved, and printed with the use of Tables collections. ❖ Chapter 10: Securing Your Wireless Web Comparing Internet and Wireless Security ; Security on the Web is less complex than security on the wireless Web because the Web represents a single paradigm both for application develop- ment and for security. ; The Internet and the Web provide a somewhat coherent model for applica- tions and security with a handful of ubiquitous standards. On the wireless Web there are many networks using different standards, multiple browser protocols, and several wireless markup languages. Security Challenges of the Wireless Web ; Unlike Secure Sockets Layer (SSL) and the x.509 standard for Public Key Infrastructures (PKIs) on the Internet today, there is no single standard for wireless digital certificates or wireless browser plug-ins. ; The relatively weak encryption provided by wireless security technologies such as the Wireless Transport Layer Security (WTLS) protocol and lightweight wireless PKIs is directly related to the length of the keys used and the sophistication of the encryption algorithms.These in turn are a function of device capacity, processing power, and wireless network bandwidth. www.syngress.com Chapter 9 Continued 159_wg_wi_AppFT 10/23/01 2:42 PM Page 485 486 Appendix • Webmaster’s Guide to the Wireless Internet Fast Track ; User awareness and insecure devices pose a large challenge to the wireless Webmaster. Password protection, encryption programs, and device configura- tion control are the keys to minimizing the risks when devices are lost or stolen. ; Wireless Application Service Providers (WASPs) reduce customer infra- structure investment but require customers to trust their data to a network outside their control. ; Along with the spread of new technologies comes the potential for new viruses, but the same diversity of wireless devices, browsers and standards that hampers security can also hamper the spread of viruses and worms. ; Once you’ve determined what you’re going to make available wirelessly and how secure it needs to be, you can determine what steps you need to take to provide an appropriate degree of security; bear in mind that the more secure the solution is, the less accessible information is to legitimate users. Security Models of the Wireless Web ; There are two basic models for wireless security: point-to-point, and end-to- end. Point-to-point security means that information is protected at each leg of the journey by the appropriate security technologies for that part of the communication. End-to-end security means that a single security technology is at work all the way from the end device to the application regardless of the various networks that the communication may traverse. ; Point-to-point security is only as strong as the weakest link. ; With end-to-end security, there are several different PKI technologies sup- ported only in specific mobile devices, browsers and applications. ; Point-to-point and end-to-end security solutions both involve some form of cryptography. ; SSL uses several well-defined encryption ciphers including RC5, the Data Encryption Standard (DES), 3DES and the International Data Encryption Algorithm (IDEA). www.syngress.com Chapter 10 Continued 159_wg_wi_AppFT 10/23/01 2:42 PM Page 486 Webmaster’s Guide to the Wireless Internet Fast Track • Appendix 487 WTLS and Point-to-Point Security Models ; The most important technology in the point-to-point security model is WTLS.WTLS is the WAP equivalent of SSL, and it provides encryption between wireless browsers and WAP gateways. ; The most standard form of WTLS (WTLS Class I) is designed to work together with SSL so that WTLS operates on the wireless network side of the WAP gateway and SSL operates on the Internet side.WTLS and SSL together ensure that information is encrypted from point to point all the way from a wireless browser to a Web server ; The three main components of WTLS are the handshaking protocol that provides for key exchange, a record structure for encrypted information, and the Wireless Identity Module (WIM). ; WAP gateways decrypt WTLS communication and then re-encrypt the communication using SSL.This means that inside the WAP gateway the information is at one point unencrypted. It is possible, at least in theory, for the WAP gateway to malfunction and establish unencrypted Hypertext Transfer Protocol (HTTP) communication rather than using SSL.This flaw is referred to as the WAP gap. ; The seven layers of point-to-point security are Embedded Security Technology, Secure Air-Connect Technologies, Mobile Operator Network Security, Secure Mobile operator Gateways,Authentication, Data Center and Network Security, and Secure Application Interfaces. ; Although a point-to-point security model sounds reasonable, it is a fundamentally flawed and limited approach.Whenever data is unencrypted it is vulnerable. PKI Technology and End-to-End Security Models ; In contrast to the point-to-point security model of WTLS, PKI security provides end-to-end security by deploying digital certificates to client appli- cations such as wireless browsers. ; There is no dominant standard for wireless digital certificates and PKI tech- nologies.The lack of standards also limits geographical coverage. www.syngress.com Chapter 10 Continued 159_wg_wi_AppFT 10/23/01 2:43 PM Page 487 488 Appendix • Webmaster’s Guide to the Wireless Internet Fast Track ; To deploy a PKI, you have to first select a wireless PKI technology and a vendor.The technology and vendor you select depends on the application and on the wireless browser and devices that you wish to deploy. ; Every organization that deploys a PKI must decide what Certificate Authority (CA) to use. ; The most powerful handheld mobile devices with the most capacity, flexi- bility, and readily available security technologies are Personal Digital Assistants (PDAs), not phones. In the future, the problems of PKI security will be eased by the introduction of new networks, such as General Packet Radio Service (GPRS), and of new mobile phones either with built-in sup- port for digital certificates or flexible software configurations similar to today’s PDAs. The Future of Security on the Wireless Web ; The future of wireless security lies in its convergence with Internet and Web security. ; There will hopefully be further standardization on wireless browsers and a single dominant PKI standard—there should also be a standard means of installing digital certificates and of managing wireless PKIs. ; Many of the issues that are seen as challenging today will be resolved when 2.5G and 3G networks replace the current wireless infrastructure on a large scale. 3G networks and the devices that will run on them will provide better and more manageable security because they will support end-to-end SSL and installable software through technologies such as Java 2 Micro Edition (J2ME). www.syngress.com Chapter 10 Continued 159_wg_wi_AppFT 10/23/01 2:43 PM Page 488 Index 2.5G, 10 devices, 436, 459 networks, 63, 66, 459 systems, 34 2G. See Second generation 3Com, 12 3DES. See Triple Data Encryption Standard 3G. See Third generation 4thPass. See Kbrowser 850 (Samsung), 369 6210 (Nokia), 220, 369 7110 (Nokia), 305, 369 7700 (Nokia), 88 A a (element), 94, 96, 115 a (tag), usage, 255, 262–263 Absolute URLs, 147 access (element), 82, 95 Accessibility. See Application maintenance, 363 Acrobat Reader (Adobe), 189 Activ Server (Nokia), 190 Active Server Pages (ASP), 91, 139, 276 application design, 162–163 code, 372 database creation, 163 document, 165, 168 file, 156 lessons, 173–174 mistrust. See Wireless ASPs scripting, 118 usage, 162–174, 176. See also WMLScript ActiveX Data Objects (ADO), usage, 168, 169, 411 Add-on modules, 21 Address Book, 275 AddType section, 117 ADK. See Mobile Application Development Kit ADO. See ActiveX Data Objects Adobe. See Acrobat Reader; Photoshop ADO.NET DataReader, 414–417 code dissection, 415–417 Dataset, 417–422 examination, 411–413 usage. See Data access AdRotator (control), 409 Advanced Mobile Phone System (AMPS), 431 Agent and Speech Recognition software, 203 Air-connect security, 448 Air-Connect technologies. See Secure Air-Connect technologies Aladdin Expander, 190 Aladdin Stuffit Expander, 239 alert() function, 150, 170, 174 ALI. See Automatic location identification Aliases. See Server-side aliases align (attribute), 259 Allaire. See Homesite ALT attribute, 363 Always-on connection, 9 AMPS. See Advanced Mobile Phone System;Analog Mobile Phone System Analog Mobile Phone System (AMPS), 62 anchor (element), 94–96 Anchor tag, 262 489 159_wg_wi_index 10/23/01 2:52 PM Page 489 490 Index referencing, 307 Angle brackets, 222 Animated GIFs, 253 Animations, support, 290 Anti-virus technology, 437 Apache configuration file, 342 Apache Web Server, configuration, 341–343 Apple, 29. See also MacOS Macintosh users, 127 Application accessibility, 360–362 client/server type, 52 developers, 65 functionality, 87 interfaces. See Secure application interfaces testing, devices (usage), 59–60 Application Designer, 209 ArrayList class, 396, 399 Artus NetGate (Nokia), 75 ASCII text, 88 ASP. See Active Server Pages asp:input (element), 378 ASP.NET, 370 architecture, 380–381 introduction, 371–381, 424 runtime, 380 server, 400 controls, 377–378 Web Forms, 368 Asymmetric algorithms, 440 AT&T, 10, 238 !ATTLIST, 83 Attributes, 76. See also Core attributes addition, 93–94 Auditing. See Security Authentication, 269, 430, 441, 446, 448–449. See also Digital authentication Authenticity, 269, 441 Authoring, guidelines. See World Wide Web clipping Automatic location identification (ALI), 37 mandate, 37 Auto-paging capability, 407 AWT. See Java AWT B b (element), 88, 89, 96–97 b (tag), usage, 255, 260 Back-end applications, 452 Backus Naur Form (BNF), 82 Bandwidth, 338, 434–435 components. See High-bandwidth components connection. See Small-bandwidth connection limitation, 455 optimization, 299–303 reduction, 294 site construction, wireless usage, 337 FAQs, 366 solutions, 364–365 waste, 293–294 Base station. See Mobitex handset connection, 16 Basic Input/Output System (BIOS), 447 BBEdit, 245 Bell Atlantic, 10 BellSouth, 25 big (element), 88, 97 Binary encoded request. See Compact binary encoded request Binary format, 17 Binary Runtime Environment for Wireless (BREW) (Qualcomm), 432 159_wg_wi_index 10/23/01 2:52 PM Page 490 Index 491 BIOS. See Basic Input/Output System Bit depth, 248 Bitmap. See One-bit depth bitmap Blackberry (RIM), 20, 26 950, 369 957, 20, 26, 236, 320, 369 Block ciphers, 440 Blueprint phone (Nokia), 193, 194, 198 Bluetooth, 12, 31 Bluetooth-equipped laptops, 29 BMP file, 402 BNF. See Backus Naur Form Body, 275 body (tag), usage, 255, 257 bold (element), 96 Bookmarking, 92 control, 92 Boolean data types, 142 br (element), 78, 94 br/ (element), 97 Branded Web-like terminology, usage, 293, 296–297 Breadcrumb, 291 Break (keyword), usage, 146–147 BREW. See Binary Runtime Environment for Wireless British Rail, 13 Browser, 209 Browser-based applications, 30 Browser-like interface, 234 Browsers. See Desktop browser; Ericsson; HyperText Markup Language; Mobile Explorer; Nokia; Openwave; Opera; Pocket PC; Third-party browser cache information, 172 display differences, examination, 320–331, 334 global standards, 455 integration. See Development environment market. See Wireless usability differences, 321 version/brand, 140 wars, 3 window, 255 Built-in interpreters, 436 Built-in wireless LAN, 29 Bytecode, 195. See Compiled bytecode; WMLScript C C#, 368 C (programming language), 181 C++ (Solaris), notification, 181 C-35i (Siemens), 369 CA. See Certificate Authority Cache information. See Browsers Caching. See WAP-Integrated Development Environment control, 91–92 problems, 171, 174 Calculate() function, 152 Calendar control, 409–411 card (element), 78–79, 97–98, 325 Card One, 129 Card Phone (Nokia), 8, 30 Cards. See Deck of cards approach. See Multi-card approach concept, 93 naming conventions, usage, 299–300 Carriage returns, collapsing, 86–87 Cascading Style Sheets (CSS), 41, 77, 253, 257 delivery, 345 style sheets, 78 Case sensitivity, 86. See also Elements 159_wg_wi_index 10/23/01 2:52 PM Page 491 . forms, you use the <Mobile:Link> control .The navigateURL attribute contains the ID of the form to link to. ; Linking to forms on another page is not so straightforward .The form in the first page. 486 Webmaster’s Guide to the Wireless Internet Fast Track • Appendix 487 WTLS and Point -to- Point Security Models ; The most important technology in the point -to- point security model is WTLS.WTLS is the WAP. on the Internet side.WTLS and SSL together ensure that information is encrypted from point to point all the way from a wireless browser to a Web server ; The three main components of WTLS are the