Use HTTPS, that’s encrypted, rather than HTTP, for all communication when sending or receiving private data or secure data to/from a server. However, these days it’s questionable whether HTTPS is good enough for some types of application. Recent security back doors, SSL vulnerabilities and man in the middle (MITM) attacks have made use of SSL, on it’s own, questionable. Consider additional protection for secure data such as additional data encryption before sending via HTTPS and SSL certificate pinning.
↧
