Do we need to apply security in message level in mobile appliaction call secure web service?
Joined: Nov 14, 2008
Do we need to apply security in message level in e-commerce mobile appliaction call secure web service, since messages contains sensetive data?
or using SSL is quite enough and suffiecent?
Joined: Mar 22, 2005
Not knowing your application, we can't say for sure what needs to be done, and what might or might not be sufficient. But seeing "e-commerce" there, it sure sounds to me like you need to be very conscious of security in all its facets.
SSL has really become obsolete for web services; the standard way is to use the WS-Security standard, which all major WS toolkits support. I'm not sure what's available for a mobile JVM, though - are you talking about Android, JME or something else?