5.1 Security Considerations for Implementers
To reduce exploits of server code, it is recommended that anonymous access to the server not be granted. To make method calls on the EMSMDB and AsyncEMSMDB interfaces, only properly authenticated RPCbinding handles are allowed.
Most of the EMSMDB and AsyncEMSMDB interface methods require a session context handle, which can only be created from a successful call to the EcDoConnectEx method, as described in section 18.104.22.168. The server verifies that the authentication context on the RPC binding handle has sufficient permissions to access the server and create a Session Context. These method RPCs are used by the client to create a Session Context with the server. They are also used to declare to the server who is attempting to access messaging data on the server through the DN passed in the szUserDN parameter. It is recommended that the server verify that the authentication context on the RPC binding handle has ownership permissions to the directory service object that is associated with the DN. If the authentication context does not have adequate permissions, the server fails the call and does not create a Session Context.
Although the protocol allows for data compression and data obfuscation on the EcDoRpcExt2 method specified in section 22.214.171.124, it is recommended that data compression and data obfuscation not be used in place of proper encryption. It is recommended that RPC-level encryption be used by the client when establishing a connection with the server. This will properly encrypt all parameters of all method RPCs on the EMSMDB and AsyncEMSMDB interfaces.