02-26-2009 02:41 PM
We have developed an app and for security reasons are wondering if anyone has suggestions on how to set up an OTA download deployment system that will require the user to enter their contact information?
We are having trouble preventing a direct download to the .cod file because its location is available in the .jad file - are there any best practices or solutions out there?
Thanks very much....
02-26-2009 07:02 PM
If you are really worried, we have a browser that reports some user info. You could use something like
a custom browser to report the info and only allow download. But, I would think that
a normal https form with a cookie or short duration password would be fine. If you already
have jar selection logic, a cookie check shouldn't be hard.
02-27-2009 10:35 AM
That will just prompt for credentials or is it more versatile? If you really want to collect
info, I guess you could have a screen to setup credentials and then have user prompted
for these on download. However, you could just do this in one screen I would think
that collects info, setsup a cookie, and then allows download to the IP address
making a request with that cookie for the jad file. Does the BB browser support cookies
and would they work here? I haven't actually thought it through but it seems it
would work easier for user and at worst I guess you would need to modify jad file for each download
with a cookie in cod link.
02-27-2009 03:37 PM
Yeah, this just forces a basic HTTP auth challenge. Of course, if the user has an account you already have his info and you just validated his credentials so you wknow who you are dealing with.
We employ this for beta downloads, or a special release that is specific for a customer. This way, it is still available on a public site but only "enabled" folks can download.
If you want to collect user info, then a little PHP script is probably in order. After collecting the form data you would then redirect the user to the appropriate download directory/JAD file.