I'm building a web application that lets a user enter their credentials for Website-A, granting my application permission to log in on their behalf. Website-A does not have an API, it does not support OAuth, etc. OAuth is not an option, and it appears most of the other questions based around this recommend OAuth.
Is the best way to do this to encrypt their passwords using any one of the popular encryption algorithms, store the key somewhere safe, and call it good? Their accounts will theoretically be read-only.
The stack uses PHP/MySQL, but we're running Node.js with Request and Cheerio to handle the authentication; in some extreme cases we're actually using PhantomJS to render the site (when they are AJAX-heavy).
Thanks!
It's no surprise that AES CBC with strong padding is the best bet. You'll find a longer discussion here: What encryption algorithm is best for encrypting cookies?
Heck, you could even use the MySQL built-in AES_ENCRYPT.
It's all about your key safety.
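An added example (not part of the question or the answer above) of encrypting a stored site password in Node.js with the built-in `crypto` module. It uses AES-256-GCM rather than the CBC mode the answer names, so a modified or row-swapped value fails to decrypt; the key source, the `userId|site` binding and the record layout are assumptions of this example.

```javascript
const crypto = require('crypto');

// Constructed demo key. Assumption: in a deployment the 32-byte key is loaded
// from outside the database (environment, secrets manager), so a dump of the
// MySQL tables alone does not reveal the passwords.
const DEMO_KEY = crypto.createHash('sha256').update('constructed demo key').digest();

// Encrypt one site password for storage. userId and site are bound as
// associated data so a ciphertext copied into another row fails to decrypt.
function sealCredential(key, userId, site, password) {
  const iv = crypto.randomBytes(12); // fresh nonce for every record
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(`${userId}|${site}`, 'utf8'));
  const ct = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  // Single column value: version byte || iv || tag || ciphertext, base64.
  return Buffer.concat([Buffer.from([1]), iv, tag, ct]).toString('base64');
}

// Decrypt a stored value for the given row; throws on any mismatch.
function openCredential(key, userId, site, stored) {
  const raw = Buffer.from(stored, 'base64');
  if (raw.length < 1 + 12 + 16 || raw[0] !== 1) {
    throw new Error('unsupported record format');
  }
  const iv = raw.subarray(1, 13);
  const tag = raw.subarray(13, 29);
  const ct = raw.subarray(29);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(Buffer.from(`${userId}|${site}`, 'utf8'));
  decipher.setAuthTag(tag);
  // final() throws if the key, the row binding or the stored bytes are wrong.
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Helper for checks: true when the call throws (value rejected).
function rejects(fn) {
  try { fn(); return false; } catch (e) { return true; }
}
```
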