It is important to realize that most WAP browsers and gateways do not currently support SSL and that WTLS, the WAP specific alternative, is not yet widely implemented. You cannot assume support for either. Basic authentication is generally supported, however.

As a consequence of this, you should consider the limited security available in the design of your WAP site. You should not, for example, allow your users to input sensitive information such as credit card details without appropriate security in place. At the very least, you should warn them when the connection is insecure and provide an alternative channel such as a Web site, telephone operator, or interactive voice response application.

 
loading table of contents...