Web Service and Security

[Matt Tapia]

I have a web app. that is on secure server (SSL) that calls a web-service on
another service not secure (NO SSL). Is the data passed from the web service
to the secure server protected because the server calling the web service is
secure? Or is not protected at all because the computer with the web-service
is not secure?

Thanks!

 

[Chris Jackson]

It will not be encrypted.

 

[Matt Tapia]

Do you have any idea what some alternatives would be to make it encrypted?
Note: I am passing back a dataset from the web service.

 

[Chris Jackson]

You could install SSL on the server that is hosting the web service.
Alternately, you could use WS-Security. Take a look at the Web Service
Extensions - they provide some wrapper classes that make this a lot easier
to implement.