Network User Interface Security (Windows Embedded CE 6.0)

1/6/2010

Network UI is a sample user interface that obtains user credentials. It can be changed or replaced by OS developers. Applications can make use of its functionality through GetUsernamePassword or GetUsernamePasswordEx.

Network UI prompts the user for credentials and may cache them for use by Security Support Providers (SSPs). By default, Network UI saves only the user name and assumes that the domain password will not be written until the user is prompted for it.

Network UI Best Practices

Clear sensitive data when it is no longer needed

Functions should clear sensitive data from memory and registry settings when it is no longer needed.

Display an asterisk (*) for each keystroke that is typed into the edit control

Because displaying password contents can pose a security risk, do not display the password in plaintext. Instead, use the ES_PASSWORD control style to display an asterisk for each keystroke in user passwords and other sensitive information. For more information, see Edit Control Styles.

Follow cryptography security practices

Good cryptography security practices include clearing data from temporary storage after use and giving the user a choice whether to save sensitive information. For more information, see Cryptography Security.

Follow the authentication services security practices

Good authentication services security practices include not using plaintext passwords and not storing user credentials on the device. For more information, see Authentication Services Security.

Registry Settings

There are no registry settings for Network UI.

Ports

No specific ports are used for Network UI.

See Also

Concepts

Network User Interface Migration

Other Resources

Network User Interface
Communications Network Security
Enhancing the Security of a Device