Best Practices for Secure Client Applications
Developers of secure client applications should observe the following rules to obtain the best possible level of client security:
-
Do not hard-code values for the gateway credentials into the application
-
Do not store or cache form data on the device
-
Require or encourage end users to use the native security services of the device
-
You must use HTTPS to provide transport-layer security
-
Use the security features provided with the Mobile Client Business Objects (MCBO) API, including requiring authentication, encrypting the data, and implementing data destruction and lockout measures
- © 2010, Oracle Corporation and/or its affiliates