Do perform ongoing message authentication for all network traffic your application produces.
Do use a strong initial authentication mechanism.
Do encrypt all data for which privacy is a concern. Err on the side of privacy.
Do use SSL/TLS (today that means TLS 1.2 or later) for all your on-the-wire crypto needs, if at all possible. It works!
Do not ignore the security of your data on the wire.
Do not hardcode keys, and don't mistake XORing with a fixed string for an encryption mechanism: one known plaintext gives the key away.
Do not skip encrypting data for efficiency reasons. Ongoing (symmetric) encryption is cheap; it is the initial key exchange that costs something.
Consider using network-level technologies such as firewalls, VPNs, and load balancers to further reduce exposure whenever it makes sense.
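The following is an added example, not code from the original checklist, that shows three of the items above in working form: why XOR with a fixed string is not encryption (the key falls out of a single known plaintext), how ongoing message authentication of every frame looks with a per-session HMAC key that is injected rather than hardcoded, and what "use TLS" means as client configuration. The frame layout (8-byte sequence number, payload, HMAC-SHA256 tag), the class and function names, and the sample messages are all assumptions made for this illustration; only the standard library is used.

```python
import hashlib
import hmac
import os
import ssl
import struct


# --- What "XOR with a fixed string" actually buys you: nothing -----------------

def xor_with_fixed_key(data: bytes, key: bytes) -> bytes:
    """The non-cipher the checklist warns against: a fixed key, repeated and XORed."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_xor_key(ciphertext: bytes, known_plaintext: bytes, key_len: int) -> bytes:
    """One known plaintext of key_len bytes (a fixed banner or header) hands back
    the entire key, after which every other message is readable."""
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_plaintext[:key_len]))


# --- Ongoing message authentication with a per-session key (illustrative format) ---

class AuthenticatedChannel:
    """Frames every message as: 8-byte sequence number || payload || HMAC-SHA256 tag.

    The MAC covers the sequence number, so the receiver detects tampering, replay
    and reordering of every frame, not just the first. This is integrity only; for
    privacy pair it with a real cipher, or simply use TLS as the checklist says.
    """
    HEADER_LEN = 8
    TAG_LEN = hashlib.sha256().digest_size  # 32

    def __init__(self, key: bytes):
        # The key is injected by the caller (key exchange, environment, key store),
        # never a literal in the source.
        if len(key) < 16:
            raise ValueError("MAC key too short")
        self._key = key
        self._send_seq = 0
        self._recv_seq = 0

    def _tag(self, header: bytes, payload: bytes) -> bytes:
        return hmac.new(self._key, header + payload, hashlib.sha256).digest()

    def seal(self, payload: bytes) -> bytes:
        header = struct.pack(">Q", self._send_seq)
        self._send_seq += 1
        return header + payload + self._tag(header, payload)

    def open(self, frame: bytes) -> bytes:
        if len(frame) < self.HEADER_LEN + self.TAG_LEN:
            raise ValueError("truncated frame")
        header = frame[:self.HEADER_LEN]
        payload = frame[self.HEADER_LEN:-self.TAG_LEN]
        tag = frame[-self.TAG_LEN:]
        # Constant-time compare, and verify before trusting anything in the frame.
        if not hmac.compare_digest(tag, self._tag(header, payload)):
            raise ValueError("bad MAC")
        (seq,) = struct.unpack(">Q", header)
        if seq != self._recv_seq:
            raise ValueError("replayed or out-of-order frame")
        self._recv_seq += 1
        return payload


def tls_client_context() -> ssl.SSLContext:
    """The 'use TLS' item as configuration: peer certificate and hostname
    verification on (the defaults), protocol floor raised to TLS 1.2."""
    ctx = ssl.create_default_context()  # verify_mode=CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def _rejects(receiver: AuthenticatedChannel, frame: bytes) -> bool:
    try:
        receiver.open(frame)
    except ValueError:
        return True
    return False


def run_checks() -> dict:
    """Exercise the pieces above on constructed messages; returns what each check found."""
    results = {}

    # 1. XOR 'encryption' falls to a single known plaintext (constructed messages).
    xor_key = os.urandom(8)
    banner = b"HELLO v1"          # 8 known bytes, e.g. a fixed protocol greeting
    secret = b"password=hunter2"  # the message the attacker actually wants
    ct_banner = xor_with_fixed_key(banner, xor_key)
    ct_secret = xor_with_fixed_key(secret, xor_key)
    recovered = recover_xor_key(ct_banner, banner, len(xor_key))
    results["xor_key_recovered"] = recovered == xor_key
    results["xor_secret_read"] = xor_with_fixed_key(ct_secret, recovered) == secret

    # 2. Authenticated channel: good frames pass; tampered and replayed ones do not.
    key = os.urandom(32)  # stands in for the output of a real key exchange
    sender, receiver = AuthenticatedChannel(key), AuthenticatedChannel(key)
    frame = sender.seal(b"transfer 10")
    results["valid_frame_accepted"] = receiver.open(frame) == b"transfer 10"
    tampered = frame[:8] + b"transfer 99" + frame[-32:]  # same length, new payload
    results["tamper_detected"] = _rejects(receiver, tampered)
    results["replay_detected"] = _rejects(receiver, frame)  # seq 0 already consumed
    results["next_frame_accepted"] = receiver.open(sender.seal(b"ok")) == b"ok"

    # 3. TLS client context verifies the peer.
    ctx = tls_client_context()
    results["tls_verifies_peer"] = ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED
    return results
```

Calling `run_checks()` returns a dictionary in which every entry is `True`: the XOR key is recovered from the banner and the secret message decrypted with it, the modified and replayed frames are rejected while the genuine ones pass, and the TLS context requires a valid certificate matching the hostname. Note that the sequence counter is what makes the authentication "ongoing": without it an attacker could replay any previously valid frame, MAC and all.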