Parsing XML from PHP webservice call with jQuery: Is 'https' enough to secure the XML?

Here's my situation:

I've successfully created a simple PHP webservice to pull data from MySQL. I've got an HTML page with jQuery making an AJAX call to that webservice. The PHP returns XML, which the jQuery parses and displays on success. Pretty standard stuff here.

I've done a lot of research on securing the XML during transit to the HTML page. I'm not passing sen开发者_Python百科sitive info, however I don't like the idea that the info is just out there for the taking during transit. I was considering making all the calls using https and securing the webservice folder. Does anyone know if this is enough to secure the data? I feel like it should be...

Also, this type of webservice could eventually be consumed by an iPhone APP, if that has any bearing on the response or direction of answers here. Thoughts? Thanks for reading.

If your users need to authenticate when using the webservice and this is done over https and transmitting the xml is done over https as well. That part of the transmission is secure and can not be sniffed.

If you connect to your mysql server on a private network or block external access to the mysql server as well then all should be secure (insecure scripting not taken into consideration)