Communications Service Security

This feature is designed to use a network. To mitigate potential security risks, you should use available network security resources.

Best Practices

Use authentication

The server can ask for authentication in response to a connection request. Once a connection is established, authentication can be challenged for various requests. Communications Service supports Basic authentication, however you should be aware that credentials are sent in cleartext and are susceptible to packet sniffing. Therefore, you should consider using SSL for additional security.

Use Secure Sockets Layer (SSL)

SSL protocol encrypts data in communication, and thereby offers more protection from packet sniffing by anyone with physical access to the network.

Use encryption

If SSL is not available, you can encrypt sensitive information prior to sending it over the network. This prevents unauthorized users from viewing data in transmitted packets. Enable encryption through the registry. By default, encryption is turned off. For more information, see Mode in Communications Service Registry Settings.

Monitor the number of outstanding requests

If your client is going to subscribe to presence information for multiple contacts, ensure that the application processes events in a timely fashion. This prevents the number of outstanding events from becoming too large.

Default Registry Settings

You should be aware of the registry settings that impact security. If a value has security implications you will find a Security Note in the registry settings documentation.

For registry information, see Communications Service Registry Settings.

 Last updated on Saturday, April 10, 2004

© 1992-2003 Microsoft Corporation. All rights reserved.