Hello,
I'm developing an project, which consists in a webservice and a client application. It's a fair simple scenario. The webservice is connected to a database server, and the client consumes from the webserver in order to get information retrieved from the database.
The thing is:
1. The client application can only display data after a previous authentication;
2. All the data transferred between Web Service and clients must be confidential;
3. Data integrity shouldn’t be compromised;
I'm wondering what is the best way to achieve these requirements.
The first thing I thought about, was sending the server a digital signature containing a client certificate, to be stored in the server, and used as comparison for authentication. But I investigated a little about webservice security, and I'm no longer certain that this is the best option.
Can anyone give me an opinion about this?
TIA