I am writing software for Point of Sale terminals. They will be communicating to the MS 2008R2 SQL server at the same time. I want them to be secure of course and have been researching some options. I think I have found what i want to do but wanted to get some feedback on my thoughts. I want to run services on the server that will do all the queries, keeping the passwords local on the server. Also all communication between the server and the POS will be encrypted with AES 256 using a passed token to initial a handshake between the two systems.
My concerns are that i am writing with visual studio and will use the wcf for my services and I'm not sure if my server has IIS. How would I tell? Can I use the wcf without IIS?
I was going to go simpler route of either using certificates or SSID but we have several employees and heavy turnover so giving access to the database for each user would be a pain. We are required to have each employee log into the POS with their network credentials.
I got the WCF service to work locally and am hoping it isn't too difficult to move to the server. Let me know of any areas I may be not considering.