iPhone Development Options

March 9, 2010

Either I’m behind the times, or Apple isn’t great about communicating all the options out there for iPhone development. I just found out about Dashcode, an iPhone SDK for creating web apps with all the standard awesome iPhone widgets. It even lets your web app run offline! This being the case, I thought I’d put together a summary of the options you have for creating iPhone web sites/apps. Please comment if I’ve gotten anything incorrect, and help me out by providing better links =]

Web Site iPhone Site Offline Site App Store
Accessible y y y y
Other Mobile y y ? n
Offline n n y y
Zooming y n n n
App Store Approval n n n y
App Store Sales n n n y
iPhone Data n n n y
Push n n n y
  • Web Site – This refers to a regular web site, without any adjustments for the iPhone.
  • iPhone Site – This refers to a web site with some changes for the iPhone. It might be as simple as a few meta tags and CSS styles, or you might have to rewrite your views to be iPhone targeted. Either way, though, it’s not much effort. More Info
  • Offline Site – This refers to a webapp that’s set up to be able to run offline. If your users save your app to the home screen, everything on that page is saved as well, including JavaScript. If the app is set up to use a JavaScript-accessible local storage library, that data will be accessible as well. Apple has created an SDK called Dashcode that offers not only offline storage, but also easy drag-and-drop usage of regular iPhone UI widgets as well. More Info
  • App Store – This is what most people think of when they think of iPhone apps. These are written in Objective C using the iPhone SDK. They require App Store approval to be sold. More Info

Securing DWR

September 25, 2009

DWR is a great Ajax framework. One of the things that makes it easy is its web interface for generating JS interface files. However, that’s not something you probably want to expose to end-users. For one thing, it gives you an easy GUI interface to call any method you have with any parameters they like – a great tool for hacking!

Now, ultimately your server-side code should ensure security. But it’s also good to hide this DWR published interface. Here are some security settings you can add to your web.xml file to hide them, while still allowing DWR calls to go through:

<security-constraint>
<display-name>Protect DWR</display-name>
<web-resource-collection>
<web-resource-name>Test</web-resource-name>
<url-pattern>/dwr/test/*</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>Index</web-resource-name>
<url-pattern>/dwr/index.html</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>Forbidden</description>
<role-name>Forbidden</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>

What this code does is put a security wrapper on /dwr/index.html and the /dwr/test directory. It’s requiring a role called “Forbidden,” and since you don’t define any users with that role, it effectively prevents anyone from getting to it. However, /dwr/call/ is kept free, so true DWR calls can make it through.


HttpServletRequest Demystified

April 17, 2009

Today is about the tenth time I’ve needed to redirect to a slightly modified version of the current URL. So, I have to piece together a URL from pieces in an HttpServletRequest. And I can never remember which piece is which. I know, I know, the difference between “servletPath” and “pathInfo” should be intuitively obvious to me. So now, for the last time, here is what the pieces mean, for an example URL: http://www.myserver.com:8080/appname/servletname/my/path?name=value

  • protocol – “HTTP/1.1″ (you’ll have to convert this back to http or https, for example)
  • serverName – “www.myserver.com”
  • serverPort – 8080
  • contextPath – “/appname”
  • servletPath – “/servletname”
  • pathInfo – “/my/path”
  • queryString – “name=value”

Not looking at all of these values now, so some might be slightly off – please post a comment to correct me.


BBC: “What is this…’search engine’?”

August 14, 2008

The BBC clearly has no idea what a search engine is. Check out this excerpt from the article “Mozilla plans Luganda web search“:

Internet search engine Mozilla Firefox has launched a project in Uganda to translate its searches into the local Luganda language.

Firefox isn’t a search engine – it’s a web browser. So, then, what can this even mean? Are they creating a search engine? Are they adding features to translate search terms before sending them to another search engine?

Updated: the article has been updated to remove all references to search engines, presumably after receiving e-mails from everybody who read the article.


Follow

Get every new post delivered to your Inbox.

Join 525 other followers