I am looking at developing a complete HTML5/JS mobile app that can be deployed to Android, iOS and Windows platforms. I am using DevExtreme tools to help me do that.
I already have a WCF service that serves me with everything I would need for this app. I want to reuse the same and found out how I could use JSONP (since I would be doing cross domain calls) and GET calls to get result from my service. I have implemented the service and have started using the same.
I am now second guessing my approach. Is it safe enough to use JSONP calls for all service requests? Especially for things like user authentication, If I send the username and Password over the URL is it safe? I have the service calls secured using SSL but does it really help? If not, what would be a more standard way to do it?
UPDATE: Another issue that I ran into was sending special characters in the GET JSONP call. Something like '\' or '*'. EncodeURI(), EncodeURIComponent(), escape() neither would owrk for these characters. I always got errors for the same and assuming the users will have secure passwords with special characters in them, the whole concept of using GET with JSONP seems to be useless
