tailieunhanh - Webmaster's Guide to the Wireless Internet part 49

Webmaster's Guide to the Wireless Internet part 49. The Webmaster’s Guide to the Wireless Internet provides the Wireless Webmaster with all of the tools necessary to build the next generation Internet. Packed with the essential information they need to design, develop, and secure robust, e-commerce enabled wireless Web sites. This book is written for advanced Webmasters who are experienced with conventional Web site design and are now faced with the challenge of creating sites that fit on the display of a Web enabled phone or PDA | 452 Chapter 10 Securing Your Wireless Web to an independent audit. Some service providers will provide an independent audit report but it is still necessary to consider the scope and the age of an audit report. Secure Application Interfaces Wireless applications and servers typically communicate with back-end data sources and applications such as databases and legacy applications. In a typical three-tier architecture Web browser Web server plus middleware and back-end application a Web server is exposed to the Internet while back-end applications reside within more secure regions of the network. Communication with backend systems should be implemented using secure protocols and if possible through private networks. If an ASP is used a VPN or private network connection may be configured but this does not provide security through to the Web or server or mobile application only to the service provider s network. The best way to address the issue of secure communications between applications is for servers to communicate using a secure protocol such as SSL. If this is not possible a VPN and a private WAN connection is the best solution when using a service provider and a private LAN between machines at the data center is recommended This can be accomplished by adding a secondary network interface card to each server and explicitly configuring the IP addresses or network route to the sister servers. Problems of a Point-to-Point Security Model Theoretically the problem of point-to-point security architectures can never be fully only solution is end-to-end security. Of course point-to-point security can provide additional layer of security as a conduit for communications secured through a advantage of going with the flow on point-to-point security is that you retain complete flexibility with respect to devices and the locations of users as they travel assuming that your mobile application software operates globally. Sniffing and Spoofing Sniffing is .