This page was last modified 10:57, 23 August 2007.
KIJ000395 - Variance in security domains for MIDlets on certain operator variant phones
From Forum Nokia Wiki
Variance in security domains for MIDlets on certain operator variant phones
|
KIJ000395
|
Overview
| Certain operators have defined different access rights for MIDP security (untrusted 3rd party, trusted 3rd party, and manufacturer) domains in relation to certain restricted APIs (for example, low-level net access, application auto-start, and file access) than defined in the "Recommended security domain policy for GMT/UMTS compliant devices" included in the MIDP 2.0 specification.
MIDlets in untrusted 3rd party domain, trusted 3rd party domain, and manufacturer domain have different default and available access rights to certain APIs than generally available.
|
Reported against
| Series 40 2nd Edition
|
Date identified
| August 24, 2006
|
Symptoms
| -
|
Detailed description
| The MIDP 2.0 specification includes a recommended policy for security domains for MIDlets. The document specifies what kind of access rights a MIDlet in each of the four available domains should have (both default and all available settings). In general access even untrusted 3rd party MIDlets should have access to all of the restricted APIs, even though in most of the cases the system has to prompt the user for every access to the API.
Some operators, especially in the U.S., require manufacturers to customize the domain policy for the devices sold under their brand.
As an example, domain policy specification may not allow 3rd party MIDlets (both unsigned and signed) to create socket connections or to use SSL connections. Also PushRegistry use as well as user data access may be prohibited for unsigned MIDlets.
The details for the security domain policies for the operators should be requested from the specific operators directly.
|
How to reproduce
| -
|
Solution
| Developers can use generic phones for development, or try to work closely with the operator to overcome the limitations.
|
