Hi.
I'm building a webmail module for my MIT-licensed https://github.com/nicerapp/nicerapp websites platform (CMS and more, see https://nicer.app for a demo).
I don't want to store end users' email connection settings in plain text on my server.
I've read all of https://github.com/defuse/php-encryption, understand most of it, but wonder if I can just encrypt the data using the end-user's password, which gets verified by CouchDB and as such is only stored as a hash value in the database.
Will my SSL connection setup, and the password stored in a cookie in the end-user's browser, keep things safe enough to survive a PHP/Apache-based intrusion, which tends to open up every 2 years when the guys at ubuntu.com prepare for a new release?
With regards,
Rene Veerman