This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
We have a Service oriented middle layer servlet which would respond to the requests from a mobile device. The Servlet will handle the business logic and will return a view object like json or xml to the device. We have a scenario where the user passes in his username & password for the initial login. Do you have a solution to encrypt this credentials when its read in the request parameter, so that the developer wont be able to see it or print it to the logs?
If you're passing credentials, pass them over SSL channel.
If you're looking for more secured and _standard_ solution and do not want user to pass his/her credentials from mobile app, there is very famous protocol exist: OAuth 2 (http://oauth.net/) which is perfectly fit for such requirement.