Oh! Some improvements in the EAS area, great news!
Question 1:
Is it so that you can restrict the device only by device name in the URL? And not, e.g., by a certain software level?
Question/comment 2:
Still waiting for you to block the DoS hole: currently, everybody is able to knock all companies' EAS services and start guessing the passwords of the company. E.g. I can take Greg's account, set it up on my emulator and check if I can find his password. This is possible because the first handshake in EAS is the authentication.
I would like to see that we can set up the device ID for a certain user, and if that user is trying to access the EAS service, s/he will get nothing unless the user ID and DeviceID are correct. Not even the password request. This is possible because the first URL contains the user ID and device ID.
We can write our own code for better security, but that is not supported by MS, so we have to leave the EAS service unprotected, which is pretty sad.
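The pre-authentication check the comment above asks for, as an added example (not code from the commenter or from Microsoft): a request reaches the password check only when the user and device ID in the URL match an enrolled pair. It assumes the plain-text EAS query form with `User` and `DeviceId` parameters; `ENROLLED`, `preauth_decision` and all sample values are hypothetical and constructed.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed enrollment table: user name -> device IDs registered for that user.
ENROLLED = {
    "greg": {"APPL0123456789AB"},
    "anna": {"ANDROID9F8E7D6C", "WP7AABBCCDD"},
}

EAS_PATH = "/microsoft-server-activesync"


def preauth_decision(request_url, enrolled=ENROLLED):
    """Return 'pass' to forward the request to authentication, or 'drop'
    to answer it without ever issuing a password challenge."""
    parts = urlsplit(request_url)
    if parts.path.rstrip("/").lower() != EAS_PATH:
        return "pass"  # not an EAS request, out of scope for this filter

    # Collect parameters case-insensitively and keep duplicates visible.
    params = {}
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        params.setdefault(key.lower(), []).append(value)

    users = params.get("user", [])
    devices = params.get("deviceid", [])
    # Missing or repeated identifiers are ambiguous, so they are refused.
    if len(users) != 1 or len(devices) != 1:
        return "drop"

    # Accept DOMAIN\user and user@domain spellings of the same account.
    user = users[0].rsplit("\\", 1)[-1].split("@", 1)[0].lower()
    device = devices[0].upper()
    return "pass" if device in enrolled.get(user, set()) else "drop"


if __name__ == "__main__":
    base = "/Microsoft-Server-ActiveSync?Cmd=Sync&DeviceType=iPhone"
    for url in (base + "&User=greg&DeviceId=APPL0123456789AB",
                base + "&User=greg&DeviceId=EMULATOR0001"):
        print(preauth_decision(url), url)
```

A device ID sent in the URL is an identifier rather than a secret, so this check narrows who gets a password prompt and does not replace password lockout or throttling.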