RTC Client API Security (Windows CE 5.0)
The RTC Client API is designed to use a network.
To mitigate potential security risks, use available network security resources.
Best Practices
When using the RTC Client API, keep in mind the following best practices:
Use authentication
The server can ask for authentication in response to a connection request.
After a connection is established, authentication can be challenged for various requests.
The RTC Client API does not respond to a Basic authentication challenge from the server if Transport Layer Security (TLS) is not specified in the profile for the session.
Note If TLS is not available on all connections on the route between sender and receiver, the credentials remain visible on the segments that do not use TLS.
Use Transport Layer Security
TLS encrypts data in communication and thereby offers more protection from packet sniffing by anyone with physical access to the network.
Use encryption
If TLS is not available, you can encrypt sensitive information prior to sending it over the network. This prevents unauthorized users from viewing data in transmitted packets.
Enable encryption through the registry.
By default, encryption is turned off.
For more information, see Mode in RTC Client API General Registry Settings.
Monitor the number of outstanding requests
If your client subscribes to presence information for multiple contacts, be sure the application processes events in a timely fashion. This prevents the number of outstanding events from becoming too large.
Default Registry Settings
Be aware of the registry settings that impact security.
If a value has security implications you will find a Security Note in the registry settings documentation.
For registry information, see RTC Client API Registry Settings.
See Also
Real-time Communications (RTC) Client API | Enhancing the Security of a Device
Send Feedback on this topic to the authors