Best way to implement crypting system

[adi]

Hi,

I'm developing a webservice and a client application to consume it's
services using v1.1 of the framework.
I wonder what's the best way to crypt the communication between the
webservice and the client. The webservice is a dedicated one, only
accessed by my client application and it should stay the same.
I can't use WSE because it is not supported by Windows 98 systems and
my client application should run on such machines.
My webservice usually returns a string as response. Should I only crypt
the response strings on the webservice and decrypt them on the client
side?
What's the best method to crypt/decrypt data so that speed will not be
very affected?

Thanks.

 

[Marc Gravell]

Can I ask the obvious question? Given that you can't use WSE etc, is
there an issue just using transport security i.e. https? Or are you
trying to do something specific? There are a lot more security
approaches available, but worth checking that the simplest option
isn't a fit first...

Marc

 

[adi]

1. I need to communicate through port 80. It's the only port that's
almost guaranteed to be opened on every system.
2. I don't want my app to depend on webserver's configuration. Many
clients won't have https enabled and I don't want to do it event if
they want it. I rather keep my application in control.

Marc Gravell a scris: