Re: passing credentials
- From: "Paul G. Tobey [eMVP]" <p space tobey no spam AT no instrument no spam DOT com>
- Date: Tue, 17 Apr 2007 14:43:56 -0700
I think what's passed and when will depend on how you're accessing the
service. Depending on what APIs you're using, it might call back to you
asking for the credentials or it might just send the default ones. If the
credentials are secure over wired, they'd be secure over wireless to the
same extent, although I suppose that intercepting them would be easier on
wireless. If you're convinced that wired is secure, you should be OK. I
don't know what happens automatically, so I'm not really the right
responder. If it were me, I'd use a packet sniffer on a wired network to
verify what data is actually sent by the device and would then assume that
the same bytes would be sent via wireless.
Paul T.
"Eric" <Eric@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7B8D67E7-6E41-47B8-981D-A027557809E8@xxxxxxxxxxxxxxxx
Paul, thank you for your response.
The web service is currently in development and under my control, so I can
change it. Right now, I have it set to use Windows Authentication only
(no
anonymous or unauthenticated access). On the device, Win CE 5.0, I've set
the 'Owner' information to include the domain and a valid domain uid and
password. Will these credentials be 'passed' to the web service if the
web
service is configured for Windows Authentication only? So far, network
access to resources (files, etc.) seem to handle the domain security
properly. Are the domain credentials secure if passed over Wireless with
WEP?
Thanks again for the information.
"Paul G. Tobey [eMVP]" wrote:
Well, your wireless stream *is* encrypted with the WEP key. That's not
good
enough? If all you're doing is sending clear text user name and
password,
you could arrange to negotiate some further encryption of the data stream
with the server. I don't think that you've really told us enough to know
what's even possible for you... The Web service has a pre-defined
characteristics and you can't change that? What is that characteristic?
If
it's taking clear text user name and password now, it's not secure
regardless of whether you get to it via wireless or wired connection.
Paul T.
"Eric" <Eric@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:14C14151-351C-457D-A52D-09C080AB6C64@xxxxxxxxxxxxxxxx
I'm developing a .Net CF 2.0 app for an HHP Dolphin 7600. I'm
connecting
over 802.11g with WEP only. I want to pass domain credentials from the
device to a web service without having to configure 802.1x, RADIUS,
etc.
Is
there a way to securely do this? The goal, since this app runs solely
within
the intranet, is to use Windows Authentication for everything.
.
- References:
- Re: passing credentials
- From: Paul G. Tobey [eMVP]
- Re: passing credentials
- Prev by Date: Re: passing credentials
- Next by Date: Re: passing credentials
- Previous by thread: Re: passing credentials
- Next by thread: Re: passing credentials
- Index(es):
Relevant Pages
|
