Hi, thanks for your input and for your suggestion to leave security to SSL. That is certainly the only wise solution. On first sight, security is not too important for my app since the data is not very sensitive (library data which is public anyways), so the only real security issue was the password encryption. But you're right that one should solve the problem on the transport level and not on the application level.
Just in cases where this would not be possible and where one would not expect a sophisticated man-in-the-middle attack, the public key solution is probably the only possible one and I was wondering if anyone is using the Crypto package to do this... Thanks, C. -- View this message in context: http://qooxdoo.678.n2.nabble.com/Best-practice-encrypting-decrypting-passwords-qooxdoo-rpc-php-tp4958086p4961537.html Sent from the qooxdoo mailing list archive at Nabble.com. ------------------------------------------------------------------------------ _______________________________________________ qooxdoo-devel mailing list qooxdoo-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
