Not only do you need to consider encryption, but authorization as well.

I developed a help-desk app using Kixforms and Sockets. A small Kix script ran on the workstations as a system service. It listened for connections and performed queries/tasks. For queries, it collected data and returned it to the manager application in the help desk.

It starts by exchanging a series of packets to negotiate an authentication. In this "clear text" exchange, a clear value and a hashed value are passed, calcuation performed, and a hash returned. When the calculations on each end match the hashes exchanged, communication can start. The data that is exchanged from that point forward is obfuscated via my cipher function. The initial release did not encode the request/response data as it was used exclusively on a private network.

Another challenge to overcome is exchanging complex data structures. Some of the functions that ran on the target systems returned arrays, or even arrays of arrays. I had to come up with a method to represent this in a data stream and convert it back to the proper format.

It worked well, but it took a lot of time and effort to make it work securely, even without SSL.

Another method to consider is HTML, as you can use Kix to send GET, POST, PUT, and DELETE requests to a URL. A fairly basic ASP or ASP.NET page can pass requests to a Kix application on the back-end. I'm using Kix to integrate with REST APIs on a couple of different platforms now.

Glenn
_________________________
Actually I am a Rocket Scientist! \:D