xendk
commented
12 years ago OpenSSL implemented, so pushing the rest to later.
Open xendk opened 12 years ago
xendk
commented
12 years ago OpenSSL implemented, so pushing the rest to later.
As the configuration can contain sensitive information, it must be protected from prying eyes.
While requiring the server to support SSL could be a solution, it's not good enough as it raises the bar for the end users, and we want to keep that as low as humanly possible.
So, some possibilities: mcrypt openssl (simple example in here: http://stackoverflow.com/questions/1391132/two-way-encryption-in-php )
The question is how widespread those PHP modules are.
Pure PHP lib: http://phpseclib.sourceforge.net/ (with fallback to mcrypt/openssl, if they're available). PEAR packages: http://pear.php.net/packages.php?catpid=6