Tech Talk



iPhone Development - RSS, XML, ASP.NET and Generic Handlers

As soon as your boss gets an iPhone, he's going to be asking you how to get to your corporate data from the road. The good side is that you'll need to get both a Mac and an iPhone, but then you need to make it all happen. We focused on delivering a solution that was very simple, adjustable and quick to market.

Specifically for us, we have corporate statistics that our executives wanted to be able to view easily from the road without having to boot up a laptop, find wireless, login to our web app, navigate to the statistics page... you know the drill. Instead, they should be able to pull their iPhone out and push a 'stats' button. Boom! There are the stats.

Many people are searching for the golden sample iPhone application that they can model, and forget that back-end infrastructure is required to feed that data to the requesting iPhone. To get that done, you're probably already thinking of a nice web service feeding back XML. SOAP comes to mind, but the current release of the iPhone SDK is light in support. This is where most people will direct you to REST. REST is cool in that it is a URL-based requestor, but it takes a lot of work to set up.

Remember that part of our goal is 'quick to market', so why not consider the generic HTTP handler that is in Visual Studio?

Here's what you do:

1. Follow the sample for building an RSS reader and get it wired into your iPhone. Follow it word for word and it will work great. Here is the link: [Click Here]
2. Now, in Visual Studio, add a public generic handler. This will be a .ASHX file.
3. In your SQL database, build a table that houses a user name to iPhone ID relationship.
4. Edit the generic handler to take in two parameters -- one for the requested operation (in our case: stats) and one for the iPhone ID.
5. If they are validated, respond to them with the stats in XML using context.Response.
6. Test this in your browser, passing the correct parameters, so you know it's working before you start trying to hit it from the iPhone.
7. Now adjust your iPhone app to use your new URL with parameters.

Once you get the basics working:

1. Create a corporate DB table that houses iPhone ID to user ID relationships and check it as the first operation on the handler. This makes the handler extremely secure because you can't get past the front door without a valid iPhone ID. BTW, we used UDID to get the addresses to be used. You have to do this for the ad-hoc provisioning anyway, so you're doubly covered.
2. Create a logging function that writes date, time, user, iPhone and function to a table.
3. Enhance the iPhone app to allow drill-down capabilities (just another operation).
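
The handler these steps describe, as an added C# example (not the author's code): the table, column, query-string parameter and connection-string names are assumptions, as is the 40-hex-digit device ID format. Because the device ID travels as a URL parameter, the example assumes the handler is served over HTTPS only.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Text.RegularExpressions;
using System.Web;
using System.Xml;

// Added example. Table, column, query-string and connection-string names are assumed.
public class StatsHandler : IHttpHandler
{
    static readonly string Db = ConfigurationManager.ConnectionStrings["CorpDb"].ConnectionString;
    public bool IsReusable { get { return true; } }
    public void ProcessRequest(HttpContext context)
    {
        string op = context.Request.QueryString["op"] ?? "";
        string id = context.Request.QueryString["id"] ?? "";
        // Reject malformed input before it reaches SQL or the log (40 hex digits is assumed).
        if (op.Length > 32 || !Regex.IsMatch(id, @"\A[0-9a-fA-F]{40}\z")) { context.Response.StatusCode = 400; return; }
        using (var conn = new SqlConnection(Db))
        {
            conn.Open();
            // Front door: look the device up first, with parameters rather than concatenation.
            var find = new SqlCommand("SELECT UserName FROM DeviceUsers WHERE DeviceId = @id", conn);
            find.Parameters.AddWithValue("@id", id);
            string user = find.ExecuteScalar() as string; // null when the device is not registered
            // Log date, time, user, device and function for every request, allowed or refused.
            var log = new SqlCommand("INSERT INTO HandlerLog (LoggedAt, UserName, DeviceId, Operation) " +
                                     "VALUES (GETUTCDATE(), @user, @id, @op)", conn);
            log.Parameters.AddWithValue("@user", (object)user ?? DBNull.Value);
            log.Parameters.AddWithValue("@id", id);
            log.Parameters.AddWithValue("@op", op);
            log.ExecuteNonQuery();
            // 403 for an unregistered device, 400 for an operation outside the allow-list.
            if (user == null || op != "stats") { context.Response.StatusCode = user == null ? 403 : 400; return; }
            context.Response.ContentType = "text/xml";
            using (var rows = new SqlCommand("SELECT StatName, StatValue FROM CorporateStats", conn).ExecuteReader())
            using (var xml = XmlWriter.Create(context.Response.Output))
            {
                xml.WriteStartElement("stats");
                while (rows.Read())
                {
                    xml.WriteStartElement("stat");   // XmlWriter escapes names and values
                    xml.WriteAttributeString("name", rows.GetString(0));
                    xml.WriteString(Convert.ToString(rows.GetValue(1)));
                    xml.WriteEndElement();
                }
                xml.WriteEndElement();
            }
        }
    }
}
```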

A couple of notes:

This is scalable by way of the parameters passed.
You can adjust the output at the ASP.NET level instead of the iPhone.
This is very secure in that only the registered iPhones will get in.

Good Luck

Dan Ribar
dribar@1stguard.com
1st Guard Corporation
http://www.1stguard.com




Corporate Web services -- Connect by Disconnection

There will always be a need to give customers confidential and sensitive information from an Internet based Web Server & application. Historically all of this logic has resided on the web server, but there are new ways to disconnect the Internet from your sensitive information and still give the customer what they want.

One great way to protect your Internet website is to eliminate all of the business logic from the site and rely on a corporate web service that is further back behind the firewall security level.

If you’re not too sure what a web service is, consider it to be like a secure web page that has no user interface. So I can get to most web services to see what they have to offer by keying them into my browser, but daily operations are all in-band – no user interface.

One example of a web service might be to calculate a customer’s current balance. The old style would be to put the SQL statement as well as the communications parameters (including login and password) to get to the SQL server right on the website. Now, this is the outside website, so it has a bit more exposure to the dark side of the Internet. This is actually very common practice and fairly secure, but there is a better way.

On your internal web server, create a web service that has the needed function – in this case a function called ‘GetCurrentBalance’. Inside of that function and safe from the Internet are all of the SQL statements, connection strings and business logic that will give the correct answer back to the requestor.

Your customer website that is looking for a balance now asks a simple question to the web service and presents the answer. There are a lot of other steps – mostly authentication and security related – but the bottom line is that all of the confidential and business critical information has been removed from that exposed web server.

One tangential benefit is that you don’t need high-end programmers to write pages that ask for a current balance [for example]. One line that asks the web service can be handled by most 9th graders, so you can apply a bigger resource base against your projects.

One other hidden benefit is that although you have to (or should) write wrappers for these functions within the web service, your code base will get homogenized and consolidated into a single set of class libraries – something that is typically problematic when you have multiple web servers / applications. Microsoft and the world will tell you to compile and distribute these libraries, but it’s a forced way of doing things.

Disconnect your website by connecting to a web service.

Dan Ribar
dribar@1stguard.com
1st Guard Corporation
http://www.1stguard.com




Device of the Century - The Winner is: Apple iPhone


The Apple iPhone is by far the quintessential example of applying technology to
enhance your everyday life experience. This single sexy device that slips into
your pocket does so much, but here’s a short list to start.

The iPhone:

makes crystal clear phone calls
uses my vehicle as a hands free kit (via Bluetooth)
maintains a single unified contacts list
sends and receives text messages to my kids
accesses the NATIVE Internet via browser
plays any music from my iTunes music library
plays any movie from my iTunes movie library
remote controls playback & volume of music
shows me business statistics from my office (native)
gives me full time access to all email accounts – for me this means our corporate Exchange server and my Yahoo account without the archaic ‘syncing’ process
provides a quick calculator and switches to scientific mode if needed (this may sound insignificant, but watch how many people in your office reach for a calculator, start up Windows calc, or Excel)
shows me interactive GPS-driven maps and directions
fully integrates into Google Maps with Street View
tells me what is around me – restaurants, gas, hospitals, movies…
tells me the name of the song playing on the radio
entertains my children on long trips in the car
wakes me up in the morning
provides a flashlight at night
gives me instant stock information
gives me instant weather information
lets me read the news anytime I want
gives me access to my bank account and lets me check balances, pay bills, etc.
reminds me when I have a pending appointment
prints a picture that I just took directly to my network printer
sets a timer for the cake in the oven
eliminates carrying my laptop in most instances

Did I mention that it fits in my pocket?



I am not a mac-lover, but Apple continues to prove that their technical integration
skills are the best. The iPhone continues to rock my world with cool technology that
actually helps life happen – in the office, on the road, at home and everywhere else.

Dan Ribar
dribar@1stguard.com
1st Guard Corporation
http://www.1stguard.com

Find the iPhone at: http://www.Apple.com




Credit Card Storage Safety Net.

So have you heard the term ‘Referential Credit Card Processing’ or RCCP?
It is a mostly unknown process that some credit card processing centers use
to remove the liability of storing credit card data. Here’s how it works…

Consider the new customer that charges his purchase to his VISA card, and wants
to use that card for a monthly payment. Historically [or typically] we’d get
an authorization from the customer and then store his card data in a myriad of
security and encryption mazes designed to thwart every 9 year old hacker from
gaining access. Then when the monthly batch process came, we’d look up the
credit card information and submit the authorization request. Pretty typical.

Customers and end users like that kind of convenience, but don’t think much
about losing their credit card data until after it happens. How about we
[as an American business] take a stand against the bad guys and come up
with a better way to do this that will ultimately protect our business
and our customers.

Take a second to recall the last security breach you heard about on
the news – “250,000 credit cards numbers stolen or leaked”. Now what
impact would that have on your business? What liability does storing
that card data inherently include? How does that swing the balance of
power in this new economy? Interestingly enough, most of these breaches
target the weakest link… and avoid the shiny new firewall and intrusion
detection systems.

Until recently, there weren’t too many alternatives to storing the data.
Regulating bodies like PCI (Payment Card Industry) have a lot to do with
the required infrastructure to support the storage of this sensitive data
(and for good reason). Experience shows that even the difference in
regulations year to year is exponential in the demand it places on
your technology budget and personnel, so a new environment is needed to
virtually eliminate that liability.

Enter RCCP. This methodology is pretty simple and very effective. When
fully implemented, you will realize a 100% loss of credit card data onsite.
That sounded like a negative thing, but this is one ‘loss’ you want.
Here’s how it goes:

   1. Customer charges with his credit card
   2. You transmit the number and a uniqueID to your merchant services group
   3. You store the UniqueID and maybe the last four digits of the card
   4. Recurring charges reference the uniqueID and change the amount to be charged.

Now, next month when you are ready to charge his credit card in some cool
batch process built into your billing software, you send the original
referenceID and the new amount – NO CREDIT CARD INFORMATION IS SENT. You
don’t send it… you don’t store it! In most cases there is a length
of time the referenceID will stay alive, but when you’re doing a
monthly recurring billing, you shouldn’t bump up against it.
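
The flow above as an added C# example (not the author's code or any processor's API): `IProcessor`, `RecurringBilling` and the in-memory processor are hypothetical names, and the card number is a constructed test value. It shows that only the reference ID and last four digits are held on site, and what the batch does when a reference is no longer alive.

```csharp
using System;
using System.Collections.Generic;

// Added example; all names are assumed. IProcessor stands in for the merchant services API.
public interface IProcessor
{
    bool Authorize(string cardNumber, string referenceId, decimal amount);
    bool ChargeByReference(string referenceId, decimal amount); // false if unknown or expired
}
public class StoredPayment { public string ReferenceId; public string LastFour; } // all that is kept on site
public class RecurringBilling
{
    readonly IProcessor processor;
    readonly Dictionary<string, StoredPayment> byCustomer = new Dictionary<string, StoredPayment>();
    public RecurringBilling(IProcessor processor) { this.processor = processor; }
    // Steps 1-3: the full number goes to the processor once and is never stored.
    public bool Enroll(string customerId, string cardNumber, decimal amount)
    {
        if (cardNumber == null || cardNumber.Length < 4) return false;
        string referenceId = Guid.NewGuid().ToString("N");
        if (!processor.Authorize(cardNumber, referenceId, amount)) return false;
        byCustomer[customerId] = new StoredPayment { ReferenceId = referenceId, LastFour = cardNumber.Substring(cardNumber.Length - 4) };
        return true;
    }
    // Step 4: the monthly batch sends only the reference and the new amount.
    public bool ChargeMonthly(string customerId, decimal amount)
    {
        StoredPayment p;
        if (!byCustomer.TryGetValue(customerId, out p)) return false;
        if (processor.ChargeByReference(p.ReferenceId, amount)) return true;
        byCustomer.Remove(customerId); // reference no longer alive: customer must re-enroll
        return false;
    }
}

class InMemoryProcessor : IProcessor // constructed stand-in so the example runs offline
{
    readonly HashSet<string> live = new HashSet<string>();
    public bool Authorize(string card, string reference, decimal amount) { return live.Add(reference); }
    public bool ChargeByReference(string reference, decimal amount) { return live.Contains(reference); }
    static void Main()
    {
        var processor = new InMemoryProcessor();
        var billing = new RecurringBilling(processor);
        billing.Enroll("cust-1", "4111111111111111", 25.00m);        // constructed test card number
        Console.WriteLine(billing.ChargeMonthly("cust-1", 27.50m)); // charge while the reference is alive
        processor.live.Clear();                                      // simulate the reference expiring
        Console.WriteLine(billing.ChargeMonthly("cust-1", 27.50m)); // charge after expiry
    }
}
```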

Back to PCI for a second. Personal experience resulted in a reduction in spending
and effort to 10% of the original cost; 100 pages of compliance questionnaires to
10 pages. So yeah… your security gear looks cool. Flashing lights and all that
would make any normal technician stand at attention, but let's get real. How about
we eliminate the golden egg altogether so a modern day Passover happens and we
keep our sanity, jobs and restful nights.

Put the hacker out of business… and keep America in it!

Dan Ribar
dribar@1stguard.com
1st Guard Corporation
http://www.1stguard.com 




SEO Optimization, Who is Really in Control?


Seems like everyone these days is an expert in Search Engine Optimization and is willing to sell you their book for a small fee of two hundred dollars. Or if you prefer to go green you can, for a monthly fee, join a myriad of websites that will take you through the process step-by-step. But what is the real benefit?

Okay, so we all want to be on the first page of Google so we can showcase our product to as many patrons as humanly possible. Right… So you have started with your page title and know exactly how you want it to look in Google. Then you customized your meta tags so all the robots will play nice when they hit your page. You throw in some keywords and boom, you're ready to go… Well… Not really…

OH! Page optimization! That’s next, right? Well, sort of. See, we all want to have an aesthetically pleasing page with some graphics and text. But graphics do not mean anything to a search engine. Cleverly, you add a tag to the image in hopes of the bots giving you a gold star. Your text is full of valuable content pertaining to your product and you even throw in your main keyword. Are we done yet?

Well, typically yes, you are. SEO really only takes you that far, and it does so in a manner that leads you to believe you will now be a millionaire. Now is when that book you purchased says that you should go and post articles and create a blog to help drive traffic and boost your ranking. Even the old method of back linking is still lurking around, with folks offering you thousands of back links for a small fee. But does it work?

From this author’s point of view… maybe. What are we really trying to accomplish with SEO and “Social Networking”? We are trying to beat out millions of others who are after the very same goal: high page rank in Google. But what is this giant Google really at its core? A for-profit corporation!!

Google keeps its methods closely guarded as to how it actually ranks pages. With some clever software you can obtain all the information for the sites that appear on a Google search page. What you will find is that the number one site will almost never have the highest number of back links. The site will be horribly optimized and make you really wonder why on earth it is number one. Sites with lower rankings can have 5 times the back links and have paid a professional to optimize the page. So everything that is preached about SEO and Social Networking seems to be a farce.

At the core of the problem is that you are trying to get for free what Google wants you to pay for. It really is that simple. You can try all the “tricks” you can put your fingers on and what will happen is Google will catch on and penalize you. Your site will fall down to number four hundred or be completely removed from Google.

Be mindful of your content and create a website with the end user in mind. Drive traffic with a good product and quality service. At the end of the day that really is what will bring you success.

Colin Cowne
ccowne@1stguard.com
1st Guard Corporation
http://www.1stguard.com
