Правильно запрашивать конфиденциальные данные с удаленного сервера

У меня есть некоторые предложения для вас,

 (1) Use secure encryption/decryption algorithms like AES-256 with user credentials based cryptographic key for sensitive data transmission in client server architecture.  
For more security you can use public key algorithm (like RSA-1024) to exchange symmetric key(Here AES) between client server. 


        1. @SERVER -----> generate Public-Private Key(RSA) ---> Send public key to Client.<br/>
        2. @CLIENT------> generate unique AES key using hash(username+passwd+salt)----> Encrypt Hash Value using RSA public key ---> Send Encrypt value to SERVER<br/>
        3. @SERVER------> decrypt  Encrpted AES Key using private key(RSA). Now SERVER have got AES key & CLIENT have it already.<br/>
        4. SERVER <------AES Encryption/Decryption----> CLIENT<br/>

     (2) Use SSL/TLS protocol for transport layer security.

     (3)  Use POST method for improved security.

     (4)  Code obfuscation & jumble algorithms can be applied for secure key generation to avoid reverse engineering attacks upto a level.