Does anyone know a website which has a security checklist with regards to Windows Phone application development? For instance, one of the recommendations may be to disable any unneeded privileges that the application may not need.
It is important that it is focused on the development of a secure windows phone application and NOT about the use of the phone in general. Thank you.
although it is retired content and not specific aimed at phone development it might still hold value in its core concepts.
The Security Guidance of the Patterns and Practices team
An another option is the SDL (Security Development Lifecycle)
Related
I am new to Windows 8 development, I am having one application which is already running in the i-pad (ios). I want to convert same application into Windows Store apps as this is the client requirement. So do i need to follow the design guidelines for such legacy application? Or I can just follow the same UI which is been developed in i-pad. Is this accepted by Microsoft for Windows Store apps certification ?
Thanks.
According to Microsoft's guidelines, it should not be accepted.
However, some such applications have appeared in the Windows Store in the past, so it's not completely impossible. I would not bet on it though.
And if your app is a game, the guidelines are less strict.
All the user experience (including design) guidelines are referenced here.
And there is a UX checklist to make sure you confort to them.
As far as I understand, Microsoft wants to allow "having both desktop and modern ui GUIs" only available for web browsers (am I mistaken here ?).
Does that mean common apps will be developped twice ? With e.g Skype being available both as pure desktop app and pure modern ui app ? And if a user installs both, these both instances will share no data ?
I can't imagine them doing a shift towards gesture friendly uis/hybrid ui, and leaving full blown desktop apps (not toy/phone-like/game apps, that can live in one space only) with no integration/entry points inside modern ui. Or maybe they want to participate in that "kill full-blown desktop apps" movement ?
So is there a model for a desktop app developped in whatever GUI toolkit, that wants to have some minimal integration with a small HTML/CSS/JS frontend in modern ui, like for e.g providing a dashboard of favorite or recently accessed files, contacts, etc ?
Your first statement of "only in a browser" is not correct. Desktop applications don't change their current design paradigms. You can have browser-based apps on the desktop, of course. But full clients are still supported and still viable as a real solution to problems.
Your takeaway from that comment should be that desktop applications are not deprecated as people assert. The reality is, desktop applications are still the only solutions to many problems.
Your second question of shared data is not correct. Skype shares lots of data with its app companion. Not because of shared local storage, however; it is because of the services that it shares. My account and contacts are on the server. So, they share a lot.
Your takeaway from that comment should be that Windows 8 apps should not highly leverage local storage but should be built as service-oriented clients. To that end, your desktop applications should have already started to leverage this architecture, too.
Your third question (which is very cryptic) seems to be asking if a desktop application and a companion Windows 8 app can share or integrate with each other. The answer is yes. Not only can they share the same service, but file associates, custom protocols, and some of the non-Store manifest capabilities allow for this explicitly. Line of business applications should have a companion app, if you ask me. The integration points are many - though not every. But there is no other way to leverage the new capabilities of Windows 8 without introducing a companion app - even if that app does very little.
Your takeaway from that comment should be that Windows desktop applications and companion Windows apps are the preferred and anticipated development approach.
Best of luck, thanks for the question.
I want to evaluate the new sandboxing mechanism in Windows 8/Windows Server 2012. I searched MSDN site for any resources but the documentation is extremely scarce. In comparison with FreeBSD Capsicum documentation, the one provided by Microsoft is just unusable.
How are we supposed to build robust sandboxed apps? Are the sandboxing APIs intended for metro style apps only?
I'm not sure what you mean by "sandboxing APIs". All "metro" (Windows 8 UI Applications) are sandboxed. I'm not aware of any way to sandbox desktop applications in the same way. See here.
Metro apps are pretty tightly sandboxed, and apps submitted to the
Windows Store need to declare many types of capabilities that they use
— not unlike Google Play's permissions list.
. . .
Windows 8 features a specific SDK for Metro style apps . . .
A quick explanation of capabilities: There are certain potentially sensitive things that you can do on a user's machine, such as access the Pictures library or use the webcam. If an app wants to do these things, the developer must declare a capability in the app's manifest. Then, when users download the app from the Windows Store, they can clearly see if the app is using any of this functionality. More info and a list of all of the capabilities is provided at App capability declarations.
Regarding sandboxing, there is some information at http://msdn.microsoft.com/en-us/library/ie/hh673561(v=vs.85).aspx. Yes, Metro-style apps are sandboxed in a way that desktop apps are not.
There is a whitepaper discussing security in Windows Store apps built with HTML5 at Secure development of Metro style apps with HTML5. There are also some common security scenarios documented.
Apologies if what I am going to ask is too generic and please feel free to mark it as community wiki or even close it but after getting a good answer please.. Here goes nothing.
I had a heated debate over the term application infrastructure with a consultant from a BIG company and hence I am here to see what the experts think as I myself need a good understanding as well. I am a puny software developer and was trying to have a chat about software architecture and stuff and then we kinda got stuck up at the term application infrastructure.
As per my rival's understanding, this is solely used re the back-end hardware components and whereas I thought he is mixing the contexts and from the context of software eng it should refer to stuff that supports the application such as logging, ORM, or even framework (.net) etc.
To what extent am I wrong and if I am please shed some light on the definition...it's really gonna help a lot.
Thanks
Here are a few links with a little description about the term Application Infrastructure extracted from them:
Application Infrastructure -- f5.com
Application infrastructure, comprised of application servers, web servers, and often database servers, is a core component in most network architectures. This part of the network infrastructure delivers high performance application services to the LAN as well as to employees, partners and customers on the WAN.
Some of the key functionality of application infrastructure includes transaction management, clustering, reliable application-to-application messaging, system management, advanced application development tools, proprietary access, and interoperability with legacy technologies.
Application Infrastructure -- networkmagazineindia.com
A (common/standard) platform is required to make different applications in an enterprise work across geographies or multiple locations, and to manage a large number of users and transactions taking place within an enterprise. This platform which ensures that different applications work with each other, is known as an application infrastructure.
Application Infrastructure -- bitpipe.com
A high performance, reliable, and secure integrated technology infrastructure for managing multiple hosted applications by Application Service Providers.
What he seem to be describing is the platform for software (I'll leave it open if that is the same thing as the software platform. I do include software service in the Application Infrastructure definition and also include connectivity/networking along with hardware and software as the three foundation corner stones of Infrastructure. Infrastructure is the general purpose commodity components as opposed to the domain specific components which will typically always be Software; (A possible exception would be an organisation uses custom hardware). AIH; IBM pitch WebSphere as Appliction Infrastructure and Microsoft Consider their Windows Server to the Application Infrasture both agree with you and I.
From what I can see it speaks to HW and SW (middleware and API management).
Gertner definition : Application infrastructure is software platforms for the delivery of business applications, including development and runtime enablers.
Interesting info from Gartner:
http://wso2.com/resources/analyst-reports/comparing-vendors-of-comprehensive-application-infrastructure-suites/
What is a better platform/language for developing Windows/desktop based application that can run offline (sometimes)? .NET (C#, ASP) or Java or any other development tool? This application requires to store data into a database(involves some GIS) and later Synch both ways with the main server (SQL/Oracle) during off hours or when initiated by a user or event or when online? ALso the tool/IDE recommended should allow us in the future to migrate this desktop application as a Web based application to the corporate server with less pain or re-work when internet/nw access is available to all of our remote sites/users. Any input/advice is appreciated.
If you are strictly doing Windows desktop application development, C# or VB.NET would be an excellent choice. There is a ton of documentation out there for .NET developers. Although the framework is a free download from Microsoft, any serious work is cumbersome and tedious without the IDE.
If you needed the potential to support your application on multiple operating systems besides Microsoft Windows, then I think it might be worth looking into Java.
For web solutions, in .NET you have ASP.NET, Java you have JSP and Tomcat.
You could try Adobe AIR. It seems like it would serve most of your desktop needs and it should be the easiest to migrate into a web app (Flex).
C#/WPF for desktop with Silverlight, XBAP or even ASP as the online options.
Since you mentioned the desire to web-enable this application at some point I'd look into Silverlight. Out-of-browser capabilities were introduced in Silverlight 3. That means that the app can run directly on the desktop, and the internet connection is optional. However, when the internet connection is available it has built-in support for auto-updating itself.
And now in Silverlight 4 it's possible to run an out-of-browser Silverlight app with elevated trust. Silverlight 4 also finally introduced things like right-click support, clipboard access, full keyboard support in fullscreen mode, etc. So if you're just now starting development, I'd most definitely use version 4.
You'll have to communicate with something like a WCF service for a lot of the database operations. But going with Silverlight should allow you to build something that'll work on the desktop and the web alike without having to manage two systems.
Going web-based after you already developed a desktop application is a really bad idea. There is no reason the desktop application cannot use a internet connection, and be updated from a server.
You could try Delphi. It's a rapid application development tool. Very different, but very quick to use. Well suited to Oracle integration. Data sync is probably going to need to be custom, unless you're using something like Sybase SQL Anywhere.