Do we need to apply security in message level in mobile appliaction call secure web service?
tarek helmy
Ranch Hand
Joined: Nov 14, 2008
Posts: 42
posted
0
Do we need to apply security in message level in e-commerce mobile appliaction call secure web service, since messages contains sensetive data?
or using SSL is quite enough and suffiecent?
please advise
thanks.
Ulf Dittmer
Marshal
Joined: Mar 22, 2005
Posts: 35241
7
posted
0
Not knowing your application, we can't say for sure what needs to be done, and what might or might not be sufficient. But seeing "e-commerce" there, it sure sounds to me like you need to be very conscious of security in all its facets.
SSL has really become obsolete for web services; the standard way is to use the WS-Security standard, which all major WS toolkits support. I'm not sure what's available for a mobile JVM, though - are you talking about Android, JME or something else?
0
