I am interested in using DreamFactory to help build APIs that will serve our IOS and ANDROID apps. However, my colleague (who is actually much more of an expert in the app development field then me) feels the approach of Dreamfactory is fundamentally not that secure for the following reason >>>
’REST API’s are not good for mobile application as the requested address is not encrypted this means a MITM (“Man In The Middle”) attack can see what URL’s are end points the point of using JSON-RPC means all requests hit the same endpoint. and the called method is then encrypted by the SSL Certificate.'
How would people respond to this?