我是 android 新手，想开发应用程序来管理移动设备上的库存。

我可以运行应用程序“Hello world”，也可以与数据库通信。

但我在导航、表单和控件方面遇到问题。

对于我的应用程序，我想将库存数据存储在数据库中并以网格格式检索并管理数据。

任何人都可以告诉如何解决这个问题。

提供教程也是可以的（我尝试了一些但没有成功）

提前致谢。

在我的 Android 应用程序中，正在创建名为“mainout.xml”的文件，而该文件在哪里创建，应用程序没有运行。

有谁知道如何解决这个问题？？

谢谢。

文档有点稀缺，但我的搜索除了SMSComposeTask从应用程序发送短信外，什么也没找到。

这是在 Windows Phone 7 中从应用程序发送 SMS 消息的唯一方法吗？Android 和 iOS（4 或更早版本）是否对从应用程序发送 SMS 消息施加了类似的限制？

嘿，我要在手机上做一些应用程序

使用图像处理应用程序

我在问哪个适合我

因为我需要一种编程语言来支持具有高的 phonve 设备

内存，已释放以在手机上工作的最大内存数量是多少

有没有关于支持高内存的手机的名称，所以我可以买它来帮助我工作

Overview

I'm looking to create a (REST) API for my application. The initial/primary purpose will be for consumption by mobile apps (iPhone, Android, Symbian, etc). I've been looking into different mechanisms for authentication and authorization for web-based APIs (by studying other implementations). I've got my head wrapped around most of the fundamental concepts but am still looking for guidance in a few areas. The last thing I want to do is reinvent the wheel, but I'm not finding any standard solutions that fits my criteria (however my criteria my be misguided so feel free to critique that as well). Additionally, I want the API to be the same for all platforms/applications consuming it.

oAuth

I'll go ahead and throw out my objection to oAuth since I know that will likely be the first solution offered. For mobile applications (or more specifically non-web applications), it just seems wrong to leave the application (to go to a web-browser) for the authentication. Additionally, there is no way (I am aware of) for the browser to return the callback to the application (especially cross-platform). I know a couple of apps that do that, but it just feels wrong and gives a break in the application UX.

Requirements

1. User enters username/password into application.
2. Every API call is identified by the calling application.
3. Overhead is kept to a minimum and the auth aspect is intuitive for developers.
4. The mechanism is secure for both the end user (their login credentials are not exposed) as well as the developer (their application credentials are not exposed).
5. If possible, not require https (by no means a hard requirement).

My Current Thoughts on Implementation

An external developer will request an API account. They will receive an apikey and apisecret. Every request will require at minimum three parameters.

• apikey - given to developer at regisration
• timestamp - doubles as a unique identifier for each message for a given apikey
• hash - a hash of the timestamp + the apisecret

The apikey is required to identify the application issuing the request. The timestamp acts similarly to the oauth_nonce and avoids/mitigates replay attacks. The hash ensures that request was actually issued from the owner of the given apikey.

For authenticated requests (ones done on the behalf of a user), I'm still undecided between going with an access_token route or a username and password hash combo. Either way, at some point a username/password combo will be required. So when it does, a hash of several pieces of information (apikey, apisecret, timestamp) + the password would be used. I'd love feedback on this aspect. FYI, they would have to hash the password first, since I don't store the passwords in my system without hashing.

Conclusion

FYI, this isn't a request for how to build/structure the API in general only how to handle the authentication and authorization from solely within an application.

Random Thoughts/Bonus Questions

For APIs that only require an apikey as part of the request, how do you prevent someone other than the apikey owner from being able to see the apikey (since sent in the clear) and make excessive requests to push them over usage limits? Maybe I'm just over thinking this, but shouldn't there be something to authenticate that a request was verified to the apikey owner? In my case, that was the purpose of the apisecret, it is never shown/transmitted without being hashed.

Speaking of hashes, what about md5 vs hmac-sha1? Does it really matter when all of the values are hashed with with sufficiently long data (ie. apisecret)?

I had been previously considering adding a per user/row salt to my users password hash. If I were to do that, how could the application be able to create a matching hash without knowing the salt used?

我是一名计算机工程专业的学生，​​我想尽快选择我的道路。我可以使用 C# 开发任何东西吗？

android 应用程序是否有可能在后台作为服务运行，拦截来自硬件键盘的按键事件并在某些特殊情况下更改行为（即生成的字符）？

考虑的想法是对键盘布局进行某种修复，主要是使用替代键盘映射使重要的特殊字符可用，而不必从触摸屏上的巨大网格中进行选择。有时，移动设备的默认键盘映射并不代表所有重要字符，在涉及非英语语言时更是如此。

感谢您的灵感:) 彼得

编辑：另外强调硬件

我已经阅读了一些移动应用程序不需要验证码的网站。

我有些疑惑。

为什么在 Web 应用程序中需要验证码，而在访问同一应用程序的移动设备中不需要验证码？

如何在特定时间内停止执行 j2me 的 midlet？

我以前听说过“增强现实”这个词，但它是什么意思？

具体来说，什么是增强现实 iPhone 应用程序？