I noticed that HTTPS was mentioned by a few people. Note that HTTPS only offers a start. It's far from sufficient when it comes to the transportation. HTTPS in itself makes the channel "secure" (as in, 'it takes a while to decrypt'). It doesn't authenticate either end of the channel; just the fact that I talk to you over HTTPS doesn't mean I'm entitled to your data, nor does it mean I am who I say I am.
Basically, when two parties communicate, you want to:
- Encrypt your channel. No one should be able to read what was sent by inspecting the wire.
- Authenticate both parties. You shouldn't send data to someone who isn't your client, and your client shouldn't accept data from someone else. No man in the middle attacks.
- Authorize the parties. A test server from the client may be authenticated, but it's not entitled to the production data.
- Audit trail the communication. Who logged in when. What was asked for. What was sent.
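
The four points above, sketched in Python as an added example that is not part of the original post. It assumes mutual TLS with client certificates as the authentication mechanism; the host names, the `POLICY` table and the function names are hypothetical, and the sample certificates are constructed.

```python
import json
import ssl
import time

# Hypothetical policy: which authenticated client identity may read which dataset.
POLICY = {
    "prod-app.client.example": {"production", "test"},
    "test-server.client.example": {"test"},  # authenticated, but no production data
}

def server_context(cert_file, key_file, client_ca_file):
    """Encrypt the channel and require a client certificate (mutual TLS)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(cert_file, key_file)   # proves the server's identity
    ctx.load_verify_locations(client_ca_file)  # CA that issues client certificates
    ctx.verify_mode = ssl.CERT_REQUIRED        # handshake fails without a valid one
    return ctx

def peer_identity(peercert):
    """Return the commonName from the dict SSLSocket.getpeercert() yields."""
    if not peercert:
        return None
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def handle_request(peercert, dataset, audit_log, now=None):
    """Authorize an authenticated peer and record the decision either way."""
    who = peer_identity(peercert)
    allowed = who is not None and dataset in POLICY.get(who, set())
    audit_log.append(json.dumps({
        "ts": time.time() if now is None else now,
        "peer": who,
        "dataset": dataset,
        "decision": "allow" if allowed else "deny",
    }, sort_keys=True))
    return allowed

# Constructed samples in the shape getpeercert() returns after a verified handshake.
TEST_SERVER_CERT = {"subject": ((("commonName", "test-server.client.example"),),)}
PROD_APP_CERT = {"subject": ((("commonName", "prod-app.client.example"),),)}
```

In a real server, `peercert` would come from `getpeercert()` on the socket accepted through `server_context(...)`, and `audit_log` would be an append-only store rather than a list.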