11-10-2011 05:29 PM
Is there a good way (or has anyone done something like this) to send a password from the Web UI to a Web Service? Sending it via plain text in a URL is not going to work. I have looked at the traditional simple encryption methods convert to binary then do something with it etc. and an easy way of converting the string to a format you can do something with (like binary) is not available. I am looking for any ideas or advice. Currently my plan is to convert each character to ASCII code and then manipulate that array of numbers.
11-11-2011 12:54 PM
Using SSL on the web server is probably the best way to handle this, if it's an option for you (Katie's second link).
Once you do that, and you access the web service over HTTPS, you shouldn't need to worry about further encryption of the login data. (It's probably also worth nothing that if you pick the SSL route, it's better to send the login credentials in the request body, as opposed to in the URL - since that can be saved in server logs / browser cache or history, and things like that).