I've a web service which is deliverying senstive data to the clients. I'm using it overhttps and it requires the users to send their userid and password (plain text) as parameters to get data. Assuming that the both end points (sender's and receiver's) are secured, is it safe enough? If not, what else I should do to secure the process? I'm doing this for the first time. Any thoughts and suggestions are most welcome and much appreciated. I am using c# ASP.NET 4.0
Thanks
Rose :)