My Java app server is about to integrate with a RESTful web service and will be polling it for content (JSON) to display to my users.
My users login with their usernames/passwords, which I must then hash + salt and then forward on to the web service with each call. The web service takes the hashed/salted login info and authenticates it (again, each call).
Assuming that I can't change anything on the web service end, and that the webservice expects hashed/salted login credentials as input parameters (along with the API endpoint, HTTP body, etc.), what are some security measures I can take on the client-side to keep the user-supplied username/password safe.
The worst thing I could probably do is just keep them in memory. What are my other options?