moreOncoding
asked on
Is password hashed?
If I have all access turned off on a virtual directory except Windows Integrated Security, and I programmatically connect to the directory over the internet using vb.net (HTTPWEBREQUEST/RESPONSE methods), will the password be hashed before it is sent over the network? I know that typically it would be, but I am asking because I am doing this from a custom vb app. on a mobile device (running WinMobile5), not an ie browser on a pc.
It seems like it should get hashed somehow, but I'm wondering how it happens. Does the OS handle the hashing, or do I need to add something to my app?
Try it? I agree that "It seems like it should get hashed somehow", but there are reports of various insecurities built into the access for mobile. More is better, if you can add something like another layer, where you have a footprint at both ends.
Researchers Criticize Security of Windows Mobile
By Matt Hines
October 26, 2006
http://www.eweek.com/article2/0,1895,2040754,00.asp?kc=EWWMUEMNL110206EOAD
According to the latest report published by J. Gold Associates, a Northborough, Mass.-based wireless research firm, Microsoft's decision not to offer file encryption capabilities on its Windows Mobile platform reflects poorly on the technology compared to other popular wireless systems.
Unlike the push e-mail systems offered by rival mobile software makers including Good Technology, Research In Motion and Sybase, Microsoft's wireless messaging technology doesn't include data protection beyond simple passwords, researchers said.
The current versions of ActiveSync and AirSync only support specially formatted data sets that meet certain Microsoft data specifications, which means that any transfer of data from Exchange Server to Microsoft's Pocket Outlook must be done in an unencrypted file-state.
A new research report contends that by failing to offer onboard encryption for e-mail files stored on Windows Mobile devices, Microsoft may be putting itself at a competitive disadvantage and leaving users vulnerable to data loss.
ASKER
SunBow,
Regarding your first comment, how would I see if it were hashed or not? I've run some tests and was able to connect, but had no way of seeing how the password was sent. Is there some kind of log that I can look at?
ASKER
Since I've worked on this for some time without finding an answer, and since I do need to tell the people who gave me this assignment whether the password is hashed, I will increase to 500.
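One way to check how the credentials travel, as an added example that is not part of the original thread: capture the HTTP request (for instance with a packet capture next to the IIS server) and classify the `Authorization` header value. The function name `classify_authorization` and all sample values are constructed for illustration.

```python
import base64
import struct

NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def classify_authorization(value):
    """Return (scheme, password_recoverable, detail) for one header value."""
    scheme, _, token = value.strip().partition(" ")
    scheme = scheme.lower()
    try:
        blob = base64.b64decode(token.strip(), validate=True)
    except ValueError:
        return (scheme, False, "token is not valid base64")
    if scheme == "basic":
        user, sep, _password = blob.partition(b":")
        if not sep:
            return ("basic", False, "malformed Basic credentials")
        # Base64 is an encoding, not a hash: the password is in the request.
        return ("basic", True, "user=%s" % user.decode("latin-1"))
    if scheme in ("ntlm", "negotiate"):
        if not blob.startswith(b"NTLMSSP\x00") or len(blob) < 12:
            return (scheme, False, "non-NTLM token (e.g. SPNEGO/Kerberos)")
        (msg_type,) = struct.unpack_from("<I", blob, 8)
        detail = "NTLM " + NTLM_TYPES.get(msg_type, "type %d" % msg_type)
        if msg_type == 3 and len(blob) >= 28:
            # NtChallengeResponse security buffer: 16-bit length at offset 20.
            (nt_len,) = struct.unpack_from("<H", blob, 20)
            detail += ", NT response %d bytes" % nt_len
        # NTLM messages carry a challenge response, never the password.
        return ("ntlm", False, detail)
    return (scheme, False, "unrecognised scheme")

# Constructed sample values (not captured from any real system).
SAMPLE_BASIC = "Basic " + base64.b64encode(b"alice:example-password").decode()
_type1 = b"NTLMSSP\x00" + struct.pack("<I", 1) + struct.pack("<I", 0x00000207)
SAMPLE_NTLM_T1 = "NTLM " + base64.b64encode(_type1).decode()
# Type 3: signature, type, LM buffer, NT buffer, zero padding up to offset 64.
_type3 = (b"NTLMSSP\x00" + struct.pack("<I", 3)
          + struct.pack("<HHI", 24, 24, 64) + struct.pack("<HHI", 24, 24, 88)
          + b"\x00" * 36 + b"\x11" * 24 + b"\x22" * 24)
SAMPLE_NTLM_T3 = "NTLM " + base64.b64encode(_type3).decode()

if __name__ == "__main__":
    for sample in (SAMPLE_BASIC, SAMPLE_NTLM_T1, SAMPLE_NTLM_T3):
        print(classify_authorization(sample))
```

With Integrated Windows authentication the header carries NTLM or Negotiate messages, which contain a challenge response rather than the password; a `Basic` header carries the password base64-encoded, so it relies on HTTPS for confidentiality.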