posted 14 years ago
Not knowing your application, we can't say for sure what needs to be done, and what might or might not be sufficient. But seeing "e-commerce" there, it sure sounds to me like you need to be very conscious of security in all its facets.
SSL has really become obsolete for web services; the standard way is to use the WS-Security standard, which all major WS toolkits support. I'm not sure what's available for a mobile JVM, though - are you talking about Android, JME or something else?