When developing a mobile application security is always an important aspect to the process. Using the Agentry archetype many of the security features are implemented for the application as a part of the development of the Agentry application project. Information is provided here on the security features and development options available and how they are implemented in the application project using the Agentry Editor.
Any Agentry Client can support the encryption of all data stored locally on the client device. When implemented, production data retrieved from the back end system, as well as the application data (or business logic) of the application is stored encrypted. Subsequent information is provided on how to implement this functionality for your mobile application. This may be defined within the application project while it is being initially developed, or it may be a change made to an existing application.
Depending on where file attachments are stored on an iOS client device, they may be accessible through iTunes when the client device is connected to that application. Information is provided on how to modify or define the External Data properties of the Agentry application project so that files stored on the client device are not accessible to iTunes.
A standard part of any IT department’s security policies is a specification on the maximum number of failed login attempts can be made by a user before restricting their access to the system in some way. This behavior is supported in Agentry via the use of security settings within the Application definition of the Agentry application project. Included in this functionality is the ability to define the maximum number of login attempts allowed by the user, and the corresponding lockout action to take when this maximum is met. As a part of the definable behaviors it is possible to require the user to perform a full transmit before being allowed to access the Agentry Client, as well as optionally removing some or all of the data stored on the client device by the Agentry Client.
As a part of the workflow of the client application it is possible to require the user to re-enter their user credentials before a transaction is applied. When implemented the user will be required to enter their user ID and password, which is validated against the locally stored credentials for the user, before the transaction is applied and saved on the client. Additional information may be captured from the user as a part of this process. This data is both stored locally and is also available for update to the back end system as a part of the transaction processing during transmit.