we are in the process of developing a warehouse management system using spring + hibernate + swing.
we are very please with using httpInvoker as a remoting solution.
however, my boss have raised a question regarding the security of using such remoting technique.
we are already using acegi security with basic authentication to filter access to remote services.
however, since it is using http for transport, could the data in transit be possibly be compromised, as in being evesdropped etc, since it is not being encrypted to the best of my understanding.
if this is really the case, is it possible for us to use maybe ssl (i.e over https) to rectify this situation.
we would be very grateful for any advice given.