Jesus Angeles wrote:I have been thinking about what Ulf said on possible decompilation. For authentication, the user details must be hardcoded inside the applet, or add another complexity (which is what I am trying to avoid in the first place) of putting the user credentials somewhere at a fixed location on the client's server or client.
James Clark wrote: SSL is a cave-man approach when applied to Web service calls.
James Clark wrote:Just my two cents... you should take a look at "message level" security in place of "using SSL/client-cert". Message level security is the better practice when designing security solutions for Web service communications. SSL is a cave-man approach when applied to Web service calls.
Jesus Angeles wrote:[ the SSL way does the work on the 'entire' load, not just the part that needs security.