Hello,
we are going to develop Pocket PC application in C#, targeting Windows Mobile 5.0. The application will use SQL Server Mobile database in the device to synchronize with publication created in SQL Server 2005 database.
What security measures we have to take?
Is the synchronization message send through internet is in encrypted format?
Can we implement digital certificate along with Pocket PC application?
If anybody has an idea about the security implementations with Pocket PC applications, please reply to the problem.
Regards,
Shanavas.
Shanavason,When you talk about synchronizing data between SQL Mobile and SQL Server 2005, you have 3 main options: Remote Data Access (RDA), Merge Replication, or web services. Assuming you plan to use RDA or merge, the data exchange is compressed but not encrypted. You should use SSL (HTTPS) for your RDA or merge replication dialog between device and server. You can also password protect and/or encrypt your SQL Mobile database on the device to secure any data that might be jeopardized if the device is lost or falls into untrusted hands.
The SQL Mobile books on-line cover the options for securing RDA and merge replication topologies and the connection authentication options available.
-Darren Shaffer
No comments:
Post a Comment