Reputation: 36
I am programming a platform, where the user has a profile and separately gets an E-Mail address.
In this platform they can store some settings and their E-Mail Password.
Now they can click on "login webmail",
Rainloop opens in new popup, and they are already logged in.
So now I have to solve security issues:
I don't want to save the password as plain text in my portal database. Rainloop provides the following example for autologin.
```php
<?php
$_ENV['RAINLOOP_INCLUDE_AS_API'] = true;
include '/var/www/rainloop/index.php';
$ssoHash = \RainLoop\Api::GetUserSsoHash('[email protected]', 'plain-password');
\header('Location: http://yourdomain.com/rainloop/?sso&hash='.$ssoHash);
```
What would be a secure way to encrypt the plain password before saving it to the database, and decrypt it in the script which generates the ssoHash?
Upvotes: 1
Views: 1406
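
One way to store the mail password encrypted and recover it just before the `GetUserSsoHash` call, shown as an added example that is not part of the original post and is not RainLoop's code. It uses PHP's bundled libsodium AEAD functions; the function names and the environment variable `MAIL_PW_KEY` are hypothetical, and the key is assumed to live outside the database.

```php
<?php
// Added example: authenticated encryption of the stored mail password (PHP >= 7.2, ext-sodium).
// Assumption: a 32-byte key is supplied base64-encoded in the hypothetical
// environment variable MAIL_PW_KEY and is never written to the portal database.

function loadKey(): string
{
    $key = base64_decode((string) getenv('MAIL_PW_KEY'), true);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES) {
        throw new RuntimeException('MAIL_PW_KEY is missing or has the wrong length');
    }
    return $key;
}

// Returns base64(nonce || ciphertext+tag), suitable for a single text column.
function encryptMailPassword(string $plain, string $email, string $key): string
{
    // Fresh random nonce per encryption; 24 bytes makes random generation safe.
    $nonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
    // The e-mail address is authenticated as associated data, so a row
    // copied onto another account fails to decrypt.
    $ct = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($plain, $email, $nonce, $key);
    return base64_encode($nonce . $ct);
}

function decryptMailPassword(string $stored, string $email, string $key): string
{
    $raw = base64_decode($stored, true);
    $n = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
    if ($raw === false || strlen($raw) < $n + SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_ABYTES) {
        throw new RuntimeException('Stored value is malformed');
    }
    $plain = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
        substr($raw, $n), $email, substr($raw, 0, $n), $key
    );
    if ($plain === false) {
        throw new RuntimeException('Decryption failed: wrong key, wrong account or tampered data');
    }
    return $plain;
}

// Constructed demo values; in the portal the key would come from loadKey().
$key = sodium_crypto_aead_xchacha20poly1305_ietf_keygen();
$stored = encryptMailPassword('constructed-sample-password', 'alice@example.com', $key);
var_dump(decryptMailPassword($stored, 'alice@example.com', $key) === 'constructed-sample-password');
try {
    decryptMailPassword($stored, 'bob@example.com', $key); // same row, different account
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

This protects against a leak of the database alone; anyone who can read both the database and the key can still recover the passwords, because the scheme has to be reversible for the SSO call to work.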