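Mobile client frame
Category / Key issues

Authentication and Authorization
• Failing to use authentication in occasionally connected scenarios.
• Failing to use authorization in occasionally connected scenarios.
• Failing to use authentication and authorization over a VPN.
• Failing to use authentication during over-the-air synchronization.
• Failing to use authentication during synchronization with the host PC.
• Failing to use authentication for all connections, such as over the air, cradle, Bluetooth and SD card.
• Failing to recognize the differences between the security models of different devices.

Caching
• Caching unnecessary data on a resource-constrained device.
• Relying on cached data that may be unavailable when network connectivity is intermittent.
• Choosing an unsuitable cache location or data format.
• Storing sensitive data in an unencrypted format.
• Failing to use a suitable caching technology.

Communication
• Failing to protect sensitive data over the air.
• Failing to encrypt Web service communication.
• Failing to encrypt VPN communication.
• Failing to encrypt communication on bandwidth-limited network connections.
• Failing to manage bandwidth-limited connections efficiently.
• Failing to manage multiple network services efficiently.
• Failing to design for intermittent network connectivity.
• Failing to consider connection cost and let the user manage connections.
• Failing to minimize power consumption when running on battery.
• Failing to use a suitable communication protocol.

Configuration Management
• Failing to restore configuration state after a device restart.
• Failing to consider configuration management synchronization over the air.
• Failing to consider configuration management synchronization with the host PC.
• Storing configuration information in an unsuitable data format.
• Failing to protect sensitive configuration information.
• Failing to consider how different device manufacturers differ in loading configuration settings.

Data Access
• Failing to consider data access mechanisms for intermittent network connectivity.
• Failing to consider database access performance.
• Querying through datasets.
• Failing to consider suitable replication technologies.
• Failing to consider device database services such as Microsoft SQL Server® Compact Edition.

Debugging
• Failing to consider debugging cost when choosing to support multiple devices.
• Failing to design with debugging in mind, for example using an emulator rather than a real device.
• Failing to debug all connection scenarios.

Device
• Failing to consider device differences, such as screen and CPU capability.
• Showing the user unfriendly error messages.
• Failing to protect sensitive information.
• Failing to consider the processing power of the device.

Exception Management
• Failing to restore application state after an exception is thrown.
• Exposing sensitive information to the user.
• Failing to log detailed exception information.
• Using exceptions to control application flow.

Logging
• Failing to consider remote logging, and considering only the device.
• Failing to consider how to retrieve device logs.
• Failing to consider resource constraints when logging.
• Failing to protect sensitive information in log files.

Porting
• Failing to rework an existing rich client UI to suit the device.
• Failing to explore porting tools.

Synchronization
• Failing to secure synchronization during communication.
• Failing to manage over-the-air synchronization as opposed to cradled synchronization.
• Failing to manage synchronization interruptions.
• Failing to handle synchronization conflicts.
• Failing to consider merge replication where appropriate.

User Interface
• Failing to consider the restricted UI form factor.
• Failing to consider a single-window environment.
• Failing to consider that a single user application is running.
• Failing to design a touch-screen or stylus UI.
• Failing to include support for different screen orientations.
• Failing to manage recovery after a device restart.
• Failing to consider the API and UI controls that are limited compared with desktop applications.

Validation
• Failing to validate input during communication with the host PC.
• Failing to validate input during over-the-air communication.
• Failing to protect hardware resources, such as the camera and initiation of phone calls.
• Failing to consider limited resources and performance at design time.

The sections translated in this article are "Authentication and Authorization", "Caching", "Communication" and "Configuration Management".

Authentication and Authorization

Designing an effective authentication and authorization strategy is important for the security and reliability of your application.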
Weak authentication can leave your application vulnerable to unauthorized use. Mobile devices are usually designed to be single-user devices and normally lack basic user profile and security tracking beyond just a simple password. Other common desktop mechanisms are also likely to be missing. The discoverability of mobile devices over protocols such as Bluetooth can present users with unexpected scenarios. Mobile applications can also be especially challenging due to connectivity interruptions. Consider all possible connectivity scenarios, whether over-the-air or hardwired.

Consider the following guidelines when designing authentication and authorization:
• Design authentication for over-the-air, cradled synchronization, Bluetooth discovery, and local SD card scenarios.
• Consider that different devices might have variations in their programming security models, which can affect authorization to access resources.
• Do not assume that security mechanisms available on larger platforms will be available on a mobile platform, even if you are using the same tools. For example, access control lists (ACLs) are not available in Windows Mobile, and consequently there is no operating system–level file security.
• Ensure that you require authentication for access by Bluetooth devices.
• Identify trust boundaries within your mobile application layers; for instance, between the client and the server or the server and the database. This will help you to determine where and how to authenticate.

Caching

Use caching to improve the performance and responsiveness of your application, and to support operation when there is no network connection. Use caching to optimize reference data lookups, to avoid network round trips, and to avoid unnecessarily duplicated processing. When deciding what data to cache, consider the limited resources of the device; you will have less storage space available than on a PC.

Consider the following guidelines when designing caching:
• Identify your performance objectives. For example, determine your minimum response time and battery life. Test the performance of the specific devices you will be using. Most mobile devices use only flash memory, which is likely to be slower than the memory used in desktop machines.
• Cache static data that is useful, and avoid caching volatile data.
• Consider caching the data that the application is most likely to need in an occasionally connected scenario.
• Choose the appropriate cache location, such as on the device, at the mobile gateway, or in the database server.
• Design for minimum memory footprint. Cache only data that is absolutely necessary for the application to function, or expensive to transform into a ready-to-use format. If designing a memory-intensive application, detect low-memory scenarios and design a mechanism for prioritizing the data to discard as available memory decreases.

Communication

Device communication includes wireless communication (over the air) and wired communication with a host PC, as well as more specialized communication such as Bluetooth or Infrared Data Association (IrDA). When communicating over the air, consider data security to protect sensitive data from theft or tampering. If you are communicating through Web service interfaces, use mechanisms such as the WS-Secure standards to secure the data. Keep in mind that wireless device communication is more likely to be interrupted than communication from a PC, and that your application might be required to operate for long periods in a disconnected state.
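
The following sketch is an added example, not code from the guide. It illustrates the caching guidelines above (minimum memory footprint, prioritized discard as memory decreases, no sensitive data cached unencrypted) together with the disconnected operation described under Communication. The class name PriorityCache, the byte budget, the priority numbers and the sensitive flag are all assumptions made for illustration.

```python
class PriorityCache:
    """Byte-budgeted cache that discards the least important entries first."""

    def __init__(self, budget_bytes):
        self.budget = budget_bytes
        self.used = 0
        self.clock = 0
        self.items = {}  # key -> [priority, last_used, value]

    def put(self, key, value, priority, sensitive=False):
        # This sketch has no encryption, so sensitive values are never cached.
        if sensitive or len(value) > self.budget:
            return False
        self.discard(key)
        self.clock += 1
        self.items[key] = [priority, self.clock, value]
        self.used += len(value)
        self.shrink_to(self.budget)
        return key in self.items  # False if the newcomer itself was discarded

    def discard(self, key):
        entry = self.items.pop(key, None)
        if entry:
            self.used -= len(entry[2])

    def shrink_to(self, limit):
        """Evict lowest priority first, then least recently used, until under limit."""
        victims = sorted(self.items, key=lambda k: self.items[k][:2])
        evicted = []
        for key in victims:
            if self.used <= limit:
                break
            self.discard(key)
            evicted.append(key)
        return evicted

    def lookup(self, key, loader, priority):
        """Serve from cache; call loader (a network fetch) only on a miss."""
        entry = self.items.get(key)
        if entry:
            self.clock += 1
            entry[1] = self.clock
            return entry[2]
        value = loader(key)  # raises ConnectionError while disconnected
        self.put(key, value, priority)
        return value

if __name__ == "__main__":
    cache = PriorityCache(budget_bytes=32)          # constructed sample data
    cache.put("price-list", b"x" * 16, priority=5)
    cache.put("map-tile", b"y" * 16, priority=1)
    print(cache.shrink_to(16))                      # low-memory signal: halve the budget
```

A low-memory handler would call shrink_to with a smaller limit; cached reference data stays readable through lookup while the device is disconnected, and only a miss reaches the network.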