05-20-2007 07:05 PM - edited 03-13-2019 04:08 PM
When a field is defined as password, will it be sent as plain texts or ciphertexts?
Any alternatives if it is sent as plain texts?
Thx ;)
05-21-2007 04:30 AM
It's sent as plaintext and as a query string parameter. I'm not aware of any other way - but I'm sure with the move to https, we'll see https support for phones sooner rather than later - I guess the biggest challenge is certificates since you can't just accept a certificate on the phone as you'd do in a webbrowser.
In the meantime, I'd rely on separate VLANs and port authentication on the switch to ensure nobody hook in between the phone and the switch to get the traffic - and if you have untrustworthy individuals having access to the backbone of your network, you have a whole set of different problems that encryption of ip phone services won't cure.
05-21-2007 05:35 PM
:-) yes, and I think it should not be too hard on Java powered phones ;-)
with the proper coding, you don't have to accept or store a certificate for HTTPS connections.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: