First off, using SOAP is probably a pretty good idea.

I'm just gonna say a few words on security, in case you choose your client app to communicate with a script on your server:

You would be passing information to your script through GET or POST variables. I recommend using POST variables and have your script ignore the GET variables completely. If you're using PHP, make sure register_globals is set to "off" in your php.ini as having it set to "on" is a major security risk.

The first security measure you should take is to restrict access to your script with a password. This password would have to be sent to the script whenever you're requesting something. The script would validate the password and do nothing unless the password is correct.

The second measure you should take is to encrypt any data transferred between your client and your script. The easiest way to achieve that is to simply use SSL. Alternatively, you could RSA-encode all data manually. Since the exe would only need the public key, it can be hard-coded into your EXE or even be located in a text file.

The third and probably the most important measure is to validate anything you write into the database (for example using regular expressions). If for example you're adding a new user to your database, remove all special characters from the information provided by the client app. If you do something like

UPDATE users SET username='$username', password='$password' WHERE id='$id'

you probably can imagine how easy this can be exploited to reset other people's passwords to whatever you want, as long as the information from the client app is inserted into your queries unfiltered.


Of course this still isn't absolutely safe. You might also want to give your client a specific user agent which is then checked for by the script and you could use some kind of authorization procedure where the script sends you a string of numbers and letters that you somehow process and send back to the server. There's really a lot you can do to secure the system, the information above is really just a guideline of what you definitely should be aware of.
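The UPDATE query quoted in the answer above, run both the way the answer warns against (values pasted into the SQL text) and with bound parameters, which is the fix the answer's "validate anything you write into the database" point is really driving at. This is an added example, not code from the original post; it uses Python's standard sqlite3 module instead of PHP/MySQL, and the users table and its three rows are constructed sample data. The crafted id value is the textbook one the answer alludes to; the point of the example is that the parameterized query, with no filtering at all, changes zero rows on that input while the string-built query changes every row.

```python
import sqlite3

# Constructed sample data (not from the original post): three users with
# placeholder password hashes, so the effect of each query is observable.
SAMPLE_USERS = [
    (1, "alice", "hash-alice"),
    (2, "bob", "hash-bob"),
    (3, "carol", "hash-carol"),
]


def make_db():
    """Create an in-memory SQLite database holding the sample users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def update_unfiltered(conn, username, password, user_id):
    """The pattern the post warns about: client-supplied values are pasted
    straight into the SQL text. Returns the number of rows that changed."""
    sql = (
        f"UPDATE users SET username='{username}', password='{password}' "
        f"WHERE id='{user_id}'"
    )
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def update_parameterized(conn, username, password, user_id):
    """Hardened form: the SQL text is fixed and the values travel as bound
    parameters, so a value can never alter the query's structure.
    Returns the number of rows that changed."""
    cur = conn.execute(
        "UPDATE users SET username=?, password=? WHERE id=?",
        (username, password, user_id),
    )
    conn.commit()
    return cur.rowcount


def passwords(conn):
    """Snapshot of id -> password, to compare the table before and after."""
    return dict(conn.execute("SELECT id, password FROM users ORDER BY id"))


def demo():
    """Run both variants on a well-formed id and on a crafted one, and
    return the row counts so the difference is visible."""
    # Constructed input: closes the quoted id and appends an always-true clause.
    crafted_id = "2' OR '1'='1"
    results = {}

    # Well-formed id: both variants update exactly the intended row.
    results["unfiltered_normal"] = update_unfiltered(make_db(), "bob", "h1", "2")
    results["parameterized_normal"] = update_parameterized(make_db(), "bob", "h1", "2")

    # Crafted id: the string-built query rewrites every row's password,
    # the parameterized query compares the whole string to id and matches nothing.
    results["unfiltered_crafted"] = update_unfiltered(make_db(), "x", "h2", crafted_id)
    results["parameterized_crafted"] = update_parameterized(
        make_db(), "x", "h2", crafted_id
    )
    return results


if __name__ == "__main__":
    for name, changed in demo().items():
        print(f"{name}: {changed} row(s) changed")
```

Note that the parameterized version needs no "remove all special characters" step to be safe against this: the database driver never lets the value become part of the query text. Input validation is still worth doing for its own sake (a username with a stray quote is probably a mistake), but it should not be the only thing standing between the client and the query.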