PixelToast, on 22 March 2013 - 02:22 PM, said:
- protect host computer
- do everything over HTTP
- if needed, send a rednet message to the host indicating there is an update
- make sure users' passwords are SHA-1 and salted
if you follow these you will not need to limit rednet / http in order to have a secure connection
SHA-1 is not a secure encryption technology!!! You have no excuse to not encrypt things properly if you're using PHP! It's as simple as going:
$password = "thisisapassword";
$hashed_password = hash("sha512", $password);
SHA-1 has many found collisions, and is easy to crack using simple online crackers, especially if the password is insecure. Please, for the safety of your users, do some research into password encryption and salting, and choose something from the SHA-2 family, such as SHA-512 used above.
I even have a pure Lua version of SHA-256 and SHA-224 available!
Then your password is turned into a 512-bit string of pure RANDOMNESS!
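
The salting this post recommends, as an added example that is not part of the original thread: a per-user random salt with iterated SHA-512 (PBKDF2) and a constant-time comparison in PHP. The function names, the stored record format and the iteration count are assumptions chosen for illustration.

```php
<?php
// Added example, not code from the thread. Salted, iterated SHA-512 via PBKDF2.
// Function names, record format and iteration count are illustrative assumptions.

const PBKDF2_ITERATIONS = 210000; // assumed work factor; tune for your server

// Build the string to store for a user: "iterations$salt_hex$hash_hex".
function make_password_record(string $password): string
{
    $salt = random_bytes(16); // fresh random salt for every user
    $hash = hash_pbkdf2('sha512', $password, $salt, PBKDF2_ITERATIONS, 64, true);
    return PBKDF2_ITERATIONS . '$' . bin2hex($salt) . '$' . bin2hex($hash);
}

// Recompute the hash with the stored salt and compare in constant time.
function check_password(string $password, string $record): bool
{
    $parts = explode('$', $record);
    if (count($parts) !== 3 || !ctype_digit($parts[0])
        || !ctype_xdigit($parts[1]) || !ctype_xdigit($parts[2])) {
        return false; // malformed record
    }
    $iterations = (int) $parts[0];
    if ($iterations < 1 || strlen($parts[1]) % 2 || strlen($parts[2]) % 2) {
        return false; // zero iterations or odd-length hex
    }
    $salt     = hex2bin($parts[1]);
    $expected = hex2bin($parts[2]);
    $actual   = hash_pbkdf2('sha512', $password, $salt, $iterations,
                            strlen($expected), true);
    return hash_equals($expected, $actual); // avoids timing differences
}

// Constructed sample input, reusing the password string from the post.
$recordA = make_password_record('thisisapassword');
$recordB = make_password_record('thisisapassword');

var_dump($recordA === $recordB);                       // same password, different salts
var_dump(check_password('thisisapassword', $recordA)); // correct password
var_dump(check_password('thisisapassw0rd', $recordA)); // wrong password
var_dump(check_password('thisisapassword', 'garbage')); // malformed record
```

Because each record carries its own salt and iteration count, two users with the same password get different stored values, and the work factor can be raised later without invalidating existing records.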