다음을 통해 공유


RTC Client API Security (Windows CE 5.0)

Send Feedback

The RTC Client API is designed to use a network.

To mitigate potential security risks, use available network security resources.

Best Practices

When using the RTC Client API, keep in mind the following best practices:

Use authentication

The server can ask for authentication in response to a connection request.

After a connection is established, authentication can be challenged for various requests.

The RTC Client API does not respond to a Basic authentication challenge from the server if Transport Layer Security (TLS) is not specified in the profile for the session.

Note   If TLS is not available on all connections on the route between sender and receiver, the credentials remain visible on the segments that do not use TLS.

Use Transport Layer Security

TLS encrypts data in communication and thereby offers more protection from packet sniffing by anyone with physical access to the network.

Use encryption

If TLS is not available, you can encrypt sensitive information prior to sending it over the network. This prevents unauthorized users from viewing data in transmitted packets.

Enable encryption through the registry.

By default, encryption is turned off.

For more information, see Mode in RTC Client API General Registry Settings.

Monitor the number of outstanding requests

If your client subscribes to presence information for multiple contacts, be sure the application processes events in a timely fashion. This prevents the number of outstanding events from becoming too large.

Default Registry Settings

Be aware of the registry settings that impact security.

If a value has security implications you will find a Security Note in the registry settings documentation.

For registry information, see RTC Client API Registry Settings.

See Also

Real-time Communications (RTC) Client API | Enhancing the Security of a Device

Send Feedback on this topic to the authors

Feedback FAQs

© 2006 Microsoft Corporation. All rights reserved.