Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Java Development

Reply
New Developer
Posts: 1
Registered: ‎02-26-2009
My Device: Not Specified

Secure/Protected OTA deployment

We have developed an app and for security reasons are wondering if anyone has suggestions on how to set up an OTA download deployment system that will require the user to enter their contact information?

 

We are having trouble preventing a direct download to the .cod file because its location is available in the .jad file - are there any best practices or solutions out there?

 

Thanks very much....

Developer
Posts: 1,415
Registered: ‎07-30-2008
My Device: Not Specified

Re: Secure/Protected OTA deployment

cookies?

 

If you are really worried, we have a browser that reports some user info. You could use something like

a custom browser to report the info and only allow download. But, I would think that

a normal https form with a cookie or short duration password would be fine. If you already

have jar selection logic, a cookie check shouldn't be hard.

 

Developer
Posts: 4,764
Registered: ‎07-21-2008
My Device: Not Specified

Re: Secure/Protected OTA deployment

You can set up .htaccess security on your download directory to force a security challenge. This wil cause the browser to invoke a security dialog.

 

Developer
Posts: 1,415
Registered: ‎07-30-2008
My Device: Not Specified

Re: Secure/Protected OTA deployment

That will just prompt for credentials or is it more versatile? If you really want to collect

info, I guess you could have a screen to setup credentials and then have user prompted

for these on download. However, you could just do this in one screen I would think

that collects info, setsup a cookie, and then allows download to the IP address

making a request with that cookie for the jad file. Does the BB browser support cookies

and would they work here? I haven't actually thought it through but it seems it

would work easier for user and at worst I guess you would need to modify jad file for each download

with a cookie in cod link.

 

 

Highlighted
Developer
Posts: 4,764
Registered: ‎07-21-2008
My Device: Not Specified

Re: Secure/Protected OTA deployment

Yeah, this just forces a basic HTTP auth challenge. Of course, if the user has an account you already have his info and you just validated his credentials so you wknow who you are dealing with.

 

We employ this for beta downloads, or a special release that is specific for a customer. This way, it is still available on a public site but only "enabled" folks can download.

 

If you want to collect user info, then a little PHP script is probably in order. After collecting the form data you would then redirect the user to the appropriate download directory/JAD file.