Security Related Development Overview
When developing a mobile application, security is always an important aspect to the process.
Many of the security features are implemented for the application as a part of the development of the Agentry application project. Information is provided here about the security features and development options available, and how they are implemented in the application project using the Agentry Editor.
You can also integrate SAP Mobile Platform security features using Open UI and Java API, which provides another layer of security for Agentry applications.
Client-Side Data Encryption
Any Agentry Client supports encryption of all data stored locally on the client device. When implemented, production data retrieved from the back-end system, as well as the application data (or business logic) of the application is stored in an encrypted format. You can define data encryption rules in an application project during development, or you can later add them to an existing application.
Securing File Attachments from iTunes on Agentry Client for iOS
Depending on where they are stored on an iOS client device, file attachments may be accessible through iTunes when the client device is connected to that application. You can modify or define the External Data properties of the Agentry application project so that files stored on the client device are not accessible to iTunes.
User Lockout After Failed Login
A standard part of any IT department’s security policies is a specification on the maximum number of failed login attempts can be made by a user before restricting their access to the system in some way. This behavior is supported in Agentry via the use of security settings within the application definition in the Agentry application project. Included in this functionality is the ability to define the maximum number of login attempts, and the corresponding lockout action to take when this maximum is met. You can require the user to perform a full transmit before being allowed to access the Agentry Client, as well as optionally remove some or all of the data stored on the client device by the Agentry Client.
As a part of the workflow of the client application, you can require users to reenter their credentials before a transaction is applied. The user must enter his or her user ID and password, which is validated against the locally stored credentials, before the transaction is applied and saved on the client. Additional information may be captured from the user as a part of this process. This data is both stored locally and is also available for update to the back-end system as a part of the transaction processing during transmit.
Integration with SAP Mobile Platform Security
Agentry client applications can take advantage of SAP Mobile Platform security as well as Agentry application-level security features. The developer adds product-level security by adding application code via Java or OpenUI classes. The administrator configures application authentication from the cockpit.
SSL Standard Support
Agentry applications support the Secure Sockets Layer (SSL) standard. You can use alternate names, and wildcards in command names in SSL certificates. Certificate chain download is supported.
Security for Previous User Transactions
You can configure the Agentry client to cache the user's encrypted password in the encrypted client database on the local device, and use the password to complete user transactions following an interruption. (In previous versions, Agentry Client stored the password in device specific areas, such as the Windows registry or a device's keystore outside of the client database). Interruption examples include a change to the back-end password, a user or server selected Change Password scenario, or a Change User scenario.