I'm using Worklight adapters to fetch data from a web service. From the client side I'm calling WL.Client.invokeProcedure, and the server side has the respective code. The issue is that this client-to-server adapter communication is in plain text and can easily be sniffed. Though my URL is HTTPS, it is of no use. Please help; I'm sure there should be a way in IBM Worklight to make a secure application.
Thanks
AFAIK Worklight provides only two options for security between your mobile app and the Worklight server.
As you mentioned in your question, Worklight provides HTTPS for security.
You can compress the data using compressResponse in your WL.Client.invokeProcedure call:
{
    adapter : 'adapter-name',
    procedure : 'procedure-name',
    parameters : [],
    compressResponse : true // or false (the default)
}
compressResponse - Optional. A string that requests the response from the server to be
sent in a compressed format to reduce the amount of data that is
transferred between Worklight Server and the device. The default
value, if compressResponse is not specified, is false. Note: This
option is applicable for Android, iOS, Windows Phone 8, BlackBerry 10,
Mobile Web, and Adobe AIR. For Mobile Web applications, compression is
supported only when the device browser can decompress GZIP data. If
the size of the payload is larger than the compress.response.threshold
property set on the server, this option is ignored
You can always encrypt/decrypt adapter requests/responses using a JavaScript AES library.
You can use the Stanford Javascript Crypto Library (SJCL) for simple encryption and decryption. I guess SJCL ships with Worklight.
SJCL is very simple to use. The code below encrypts and decrypts:
sjcl.encrypt("password", "data");
sjcl.decrypt("password", "encrypted-data");
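
The application-layer encryption suggested in this answer, written out as an added example (not code from the original post or from Worklight): it encrypts an adapter call's parameters with AES-256-GCM and binds the ciphertext to the adapter and procedure names, so a modified envelope or one replayed against another procedure is rejected. It uses Node's built-in crypto module in place of SJCL so that it runs stand-alone; sealParameters, openParameters, the shared secret and the sample parameters are hypothetical.

```javascript
// Added example: authenticated encryption of an adapter invocation payload.
// Assumption: Node's built-in crypto (AES-256-GCM + scrypt) stands in for SJCL.
const crypto = require('crypto');

// Derive a 256-bit key from a shared secret; a fresh salt goes in every envelope.
function deriveKey(secret, salt) {
  return crypto.scryptSync(secret, salt, 32);
}

// Associated data: ties the ciphertext to one adapter/procedure pair.
function aadFor(adapter, procedure) {
  return Buffer.from(adapter + '\n' + procedure, 'utf8');
}

// sealParameters (hypothetical helper): encrypts the `parameters` array.
function sealParameters(secret, adapter, procedure, parameters) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // 96-bit nonce, never reused with the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(secret, salt), iv);
  cipher.setAAD(aadFor(adapter, procedure));
  const ct = Buffer.concat([cipher.update(JSON.stringify(parameters), 'utf8'), cipher.final()]);
  return {
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64')
  };
}

// openParameters (hypothetical helper): throws if the envelope or its binding was altered.
function openParameters(secret, adapter, procedure, env) {
  const key = deriveKey(secret, Buffer.from(env.salt, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(env.iv, 'base64'));
  decipher.setAAD(aadFor(adapter, procedure));
  decipher.setAuthTag(Buffer.from(env.tag, 'base64'));
  const pt = Buffer.concat([decipher.update(Buffer.from(env.ct, 'base64')), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Constructed sample input (not from the original post).
const SECRET = 'example-shared-secret';
const sealed = sealParameters(SECRET, 'adapter-name', 'procedure-name', ['account-42', 100]);
const invocationData = {
  adapter: 'adapter-name',
  procedure: 'procedure-name',
  parameters: [JSON.stringify(sealed)] // the envelope travels as a single string parameter
};
```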