Bill,
With PPC 2003, Windows Integrated Auth is using Kerberos from device to
server.
Prior to that, a hashing algorithm was used to encode username and password
as they
were sent over the wire.
--
Darren Shaffer
Principal Architect
Connected Innovation
"Bill" <(E-Mail Removed)> wrote in message
news:ED3E804B-9634-4DD7-A21E-(E-Mail Removed)...
> The Microsoft .NET Compact Framework Core Reference recommends at every
> turn
> that programmers should use Windows Integrated Authentication (WIA) for
> database access. No example connection strings are provided, but an MSDN
> article, "Smart Device Projects/Using System.Data.SqlClient" states that
> the
> connection string must include "Integrated Security=SSPI" as well as the
> userid and domain\password. The UID/password requirement makes sense in
> the
> context of a pocket PC since users generally don't have to log in to them.
> I
> want to assume the the obvious... that the Pocket PC Creates the WIA token
> and the the token is what gets sent over the WLAN. I work in a hospital
> environment where federal HIPPA regulations apply and I can't assume
> anything. I need to hear from an authority that, assuming an unencrypted
> communications environment, that the token, not the users password is what
> goes out over the air waves.
>
> --
> Senior Programmer/Analyst
> Duke University Health System
|
Similar Threads
