Closed abdelrahmanahmed closed 6 years ago
Those functions are used to encrypt/decrypt passwords so that they're not stored in the database in plain view. Those shouldn't be used for logging users in, though - the API assumes you're submitting the actual email and password, and they're compared against the IMAP server, not against values stored in the database.
My application scenario is that each user has email credentials (encrypted password using EncodePassword), and when he opens the email page, I use these credentials, decrypt the password, and process the logging-in scenario programmatically. How do you suggest making this process more secure? I don't want my users to enter their credentials anyway.
Your application needs to have users' email credentials stored somewhere, of course. But I would not recommend using EncodePassword / DecodePassword methods for encryption as that algorithm is really basic. Perhaps, something like XXTEA would work better.
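One way to keep a mailbox password decryptable for the programmatic login discussed in this thread, as an added example that is not from the thread or the project: it uses PHP's libsodium secretbox (authenticated encryption) rather than the XXTEA mentioned above, and the function names, sample password and key handling are assumptions.

```php
<?php
declare(strict_types=1);

// Added example; function names and the key source are hypothetical.

/** Encrypt a mailbox password for storage: base64(nonce || ciphertext+MAC). */
function sealMailPassword(string $plain, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh per record
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

/** Decrypt a stored value; throws if it was modified or the key is wrong. */
function openMailPassword(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('stored credential is malformed');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $boxed = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($boxed, $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('stored credential failed authentication');
    }
    return $plain;
}

// Assumption: in a deployment the key is loaded from outside the database
// (environment variable, secrets store). A key is generated here only so the
// example runs stand-alone.
$key = sodium_crypto_secretbox_keygen();

$stored = sealMailPassword('constructed-sample-password', $key); // value for the DB column
$plain  = openMailPassword($stored, $key); // hand this to the webmail login call

// Flip one bit of the stored value: decryption must refuse it.
$tampered = base64_decode($stored);
$tampered[30] = chr(ord($tampered[30]) ^ 1);
try {
    openMailPassword(base64_encode($tampered), $key);
    echo "tampering not detected\n";
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
sodium_memzero($key);
```

A database dump alone does not reveal the passwords as long as the key is stored separately from it; anyone who obtains both can still decrypt them.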
According to your api_Utils, I have found that EncodePassword and DecodePassword are used for encoding and decoding passwords. Should I use them in my app for logging in programmatically? If yes, I think it must contain a private key or something like that so no one can decode it.