Shell Security (Windows Embedded CE 6.0)
1/6/2010
The Shell catalog item is a trusted component. This means that it has access to critical resources in the system. If you are making any modifications to the Shell, you must be aware of the full implications of your changes, otherwise you may compromise the security of this component, and potentially other associated components and resources.
In general, it is always important to use secure coding techniques while you work with the Shell functionality.
For more information about Windows Embedded CE security services, see Enhancing the Security of a Device.
Best Practices For Windows Embedded CE
Use the /password parameter with extreme caution in Command Processor Shell
Use extreme caution when using the net command with the password option in the command processor shell. The input to the password option is a plaintext password. If an unauthorized user who is physically close to the user reads the plaintext password, the security of the computer and associated resources can be compromised.
The command processor shell keeps a command line history of all the commands used. Even if the password setting is scrolled off the screen, an unauthorized user can potentially discover the password by scrolling through the history. To prevent the discovery of the password, when the net command is called with this option from a cmd.exe window, the user should shut down the cmd.exe session immediately after completing the command.
The net command should only be run on a local device when the user is using the /password parameter. It should not be run remotely unless there is a secure communication mechanism, or else the password could be eavesdropped on. For example, it is highly unsafe to use the net command with the /password parameter through the telnet server.
Default Registry Settings
You should be aware of the registry settings that impact security. If a value has security implications, you will find a Security Note in the registry settings documentation.
For Shell registry information, see Shell Registry Settings.
Ports
No specific ports are used for Shell.