Connectivity between Microsoft SQL Server Compact 3.5 and an instance of SQL Server relies completely upon correctly configuring the security models for both Microsoft Internet Information Services (IIS) and SQL Server.
In the SQL Server Compact 3.5 connectivity scenario, an application initiates synchronization by invoking the appropriate connectivity solution: either replication or remote data access (RDA). Before you access a SQL Server database using replication or RDA through HTTP, you must set up an IIS virtual directory that contains the SQL Server Compact 3.5 Server Agent, and configure the appropriate NTFS File System permissions. Configuring IIS authentication and authorization specifies the clients that can invoke the SQL Server Compact 3.5 Server Agent. Implementing this layer of security controls the clients that can perform database synchronization or remote database access.
You can configure IIS to use Secure Sockets Layer (SSL) encryption. This safeguards the data sent between the device and IIS when database synchronization or remote database access is performed. For more information, see Configuring SSL Encryption.
After you invoke the SQL Server Compact 3.5 Server Agent, it connects to an instance of SQL Server. SQL Server Authentication and authorization can be configured to control access to SQL Server and SQL Server publications.
The following topics describe how IIS and SQL Server are configured to support security for the SQL Server Compact 3.5 connectivity solutions (replication and RDA):
For more information about SQL Server Compact 3.5 database security, see Securing Databases (SQL Server Compact).