As the configuration can contain sensitive information, it must be protected from prying eyes.
While requiring the server to support SSL could be a solution, it's not good enough as it raises the bar for the end users, and we want to keep that as low as humanly possible.
As the configuration can contain sensitive information, it must be protected from prying eyes.
While requiring the server to support SSL could be a solution, it's not good enough as it raises the bar for the end users, and we want to keep that as low as humanly possible.
So, some possibilities: mcrypt openssl (simple example in here: http://stackoverflow.com/questions/1391132/two-way-encryption-in-php )
The question is how widespread those PHP modules are.
Pure PHP lib: http://phpseclib.sourceforge.net/ (with fallback to mcrypt/openssl, if they're available). PEAR packages: http://pear.php.net/packages.php?catpid=6