Do I need to encrypt my passwordeditfield before sending over the internet

I know that the PasswordEditField displays asterisks but stores in plain text, and I also know that the Blackberry network is encrypted.

If I am 开发者_JAVA技巧using BIS, do I need to encrypt the value in the PasswordEditField before posting over the Internet to a web service?

If the client states that encryption is required, Can I simply to the encryption/decryption at the backend, but send plain text over the Internet (under the cover of RIM's encryption)?

If you're making an HTTP connection to a web service, you need to do your own encryption. BIS can protect communication internally, but eventually it has to go over the open Internet to get to the web service. At that point, the information is vulnerable.

If you connect via HTTPS, then the entire communication channel is encrypted and you don't need to do any additional encryption.

This link suggests that not everything between the Blackberry and the BES is encrypted (http://www.blackberryforums.com/bes-admin-corner/162794-blackberry-encryption-question.html).

However, IIRC, you can initiate an SSL connection between the device and your server. Ah - http://supportforums.blackberry.com/t5/Java-Development/BlackBerry-Support-for-HTTPS-connection/ta-p/445952 - shows example of encrypted connections.