Chapter 8. Securing the Application

Security is something that tends to be overlooked, especially in the case of mobile device projects. One likely reason is that mobile applications are not expected to be used in a multiuser environment. Mobile developers often take the shortcut of not implementing any authentication at all. Their argument is that "it's your own device and it's only meant for a single user." Some even see the login step for the mobile device as counter-productive.

The truth is that mobile devices tend to get misplaced a lot, and most of the time the data within is left unprotected. If the device contains sensitive information such as the financial or medical records of a customer, a security compromise (such as data theft) could lead to serious consequences.

In this chapter, we explore why encryption and authentication are equally important, and how to implement them in your sales force application. We will cover these topics as follows:

  • How to encrypt and password protect your database
  • How to implement authentication for the sales force application
  • How to secure data transfer between devices

Encrypting the database

When you choose to encrypt a database, you are encrypting the entire content of the database file including the tables, data, and other database objects. This means that even if the .SDF or .ODF file was stolen from your mobile device, the content would be undecipherable. This is an important aspect of mobile device programming—the portable nature of the mobile device makes it easy for users to misplace their devices. If the database is left unencrypted, an unauthorized user could retrieve your data with relatively little effort.

Encrypting the SQL Server CE database

The SQL Server CE database comes with an encryption utility that allows the entire content of the .SDF file to be encrypted.

Tip

Should I worry about performance?

The performance cost of activating encryption is negligible, so you don't have to worry about enabling it.

You can encrypt the SQL Server CE database by including the Encrypt Database=TRUE setting in the connection string that you pass to the SqlCeEngine class when creating the database.

// Encrypt Database=TRUE needs a Password; the file is encrypted with it.
_dbcreationstring = "Data Source='" + _SDFPath + "';" +
    "LCID=1033;Password='admin123';Encrypt Database=TRUE;";
_engine = new SqlCeEngine(_dbcreationstring);
try
{
    _engine.CreateDatabase();
}
catch (Exception)
{
    // Rethrow without resetting the stack trace.
    throw;
}
finally
{
    _engine.Dispose();
}

You can modify the code in the CreateSalesForceDatabase method that you created in Chapter 2 in SQLServerPlugin.PluginClass. When you enable encryption, you must also ensure that a valid Password has been specified. The database will be encrypted using this password value.

There is no difference in terms of the code used to connect to the database. As long as you've included the same password in your connection string, you will be able to access the database:

Data source='My Documents\salesforce.sdf'; Password=admin123;
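
The following is an added example, not code from the book: it creates the encrypted .SDF with a password supplied at run time rather than a literal in the source, then confirms that the file opens only with that password. The class name, method names, and the path and passphrases in Demo are hypothetical.

```csharp
using System;
using System.Data.SqlServerCe;
using System.IO;

public static class EncryptedDatabaseExample
{
    // The password arrives at run time (for example from the login screen)
    // instead of being a literal compiled into the application.
    public static string BuildConnectionString(string sdfPath, string password, bool forCreate)
    {
        if (string.IsNullOrEmpty(password))
            throw new ArgumentException("Encryption requires a password.");
        // Assumption: refuse quotes instead of relying on connection-string escaping.
        if (password.IndexOf('\'') >= 0 || sdfPath.IndexOf('\'') >= 0)
            throw new ArgumentException("Single quotes are not accepted.");
        string s = "Data Source='" + sdfPath + "';Password='" + password + "';";
        return forCreate ? s + "LCID=1033;Encrypt Database=TRUE;" : s;
    }

    public static void CreateEncrypted(string sdfPath, string password)
    {
        using (SqlCeEngine engine = new SqlCeEngine(BuildConnectionString(sdfPath, password, true)))
            engine.CreateDatabase();
    }

    // True only if the file opens with this password.
    public static bool CanOpen(string sdfPath, string password)
    {
        try
        {
            using (SqlCeConnection conn = new SqlCeConnection(BuildConnectionString(sdfPath, password, false)))
            {
                conn.Open();
                return true;
            }
        }
        catch (SqlCeException) { return false; } // wrong password, or file missing or damaged
    }

    // Constructed values: the path and both passphrases are placeholders.
    public static bool Demo()
    {
        string path = @"\My Documents\example.sdf";
        if (File.Exists(path)) File.Delete(path);
        CreateEncrypted(path, "correct-passphrase");
        return CanOpen(path, "correct-passphrase") && !CanOpen(path, "wrong-passphrase");
    }
}
```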

Encrypting the Oracle Lite database

For Oracle Lite, it is equally simple to set up an encrypted database. You just need to call the EncryptDatabase method after the CreateDatabase() method.

try
{
    OracleEngine.CreateDatabase("salesforce", "salesforce", "admin123");
    // Encrypt the database that was just created.
    OracleEngine.EncryptDatabase("salesforce", "salesforce",
        "admin123", "admin123");
}
catch (Exception ex)
{
    // Interaction.MsgBox comes from the Microsoft.VisualBasic namespace.
    Interaction.MsgBox(ex.ToString(), MsgBoxStyle.Exclamation,
        "Create database");
    return false;
}

Like the SQL Server CE database, the encryption of the underlying database is transparent to the accessing application.
