I'm building a web service consumer using Spring Integration. The web service provider requires that we login once a day to retrieve a session ID and use that for the rest of the day in all other service requests. What I find weird is the initial login service has us passing the credentials in XML like the following:
It's the first web service consumer I write, but this seems insecure to me. Especially since the request is being made over normal http, not https. Could someone shed some light for me?
<login> <param1>username</param1> <param2>password</param2> </login>