dongyipa0028 2012-04-18 10:47

Xcode 4.1 iOS: querying a Joomla-generated database through PHP

I am developing an iPhone app that needs to use a Joomla-generated database located on my own server.
There are a lot of solutions, so for more security I decided to 'talk' with the database via PHP.

I have a PHP page like this:

www.mypage.com/iphonelogin.php?username=USER1&password=XXX&option=login

The option can be: getuserinfo, login, reset password, etcetera.

The problem is that the password is stored encrypted in the database. (MD5(password+Salt):Salt)

So, I am wondering how to do this the following ways:

  • Low security way: PHP gets a plain text password from the APP and the full encrypted password from the DB. Then PHP uses the salt, encrypts the password and does the comparison, then returns YES or NO to the APP.

  • Other way: PHP gets the password REVERSIBLY encrypted from the APP and decrypts it, then the same as above.

  • Nice security way (pretty slow): PHP gets the full encrypted password from the DB, then shows the salt to the APP. The APP encrypts the password the Joomla way and sends a full encrypted password to PHP, which does the comparison and returns YES or NO to the APP.

I need high security and fast connection, because every time the app needs something from the database, the login must be confirmed.

Please tell me what to use or some other way to do it.


  • dougang5088 2013-07-31 05:31

    You should be writing a session management feature set into your client <=> Joomla server setup.

    This workflow would see the user only enter email and (plain) password once and then request the session token from the server.

    This token could be then validated each time the client requires data from the server.

    As you have noted, never expose the database directly to the client. That is just a bad idea for any setup. You should always keep an interface/API buffer between the client and server abstracting away potential security risks.

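The session-token workflow described in the answer above, sketched in PHP as an added example (it is not code from the question or the answer). It assumes the password and token travel in an HTTPS request body rather than the URL query string, and it keeps the MD5(password+Salt):Salt check only because that is the stored format the question gives; the function names, the token lifetime and the in-memory `$users` / `$sessions` arrays standing in for database tables are all hypothetical.

```php
<?php
// Added example: log in once with the password, then authenticate with a token.
// $users and $sessions stand in for database tables (constructed sample data).

const TOKEN_TTL = 900; // token lifetime in seconds (assumed value)

// Constructed user row in the format from the question: md5(password . salt):salt
$salt     = 'Xk29aLq0';
$users    = ['USER1' => md5('correct horse' . $salt) . ':' . $salt];
$sessions = []; // sha256(token) => ['user' => ..., 'expires' => ...]

function verifyPassword(string $stored, string $password): bool
{
    $parts = explode(':', $stored, 2);
    if (count($parts) !== 2) {
        return false; // malformed row: fail closed
    }
    [$hash, $salt] = $parts;
    // hash_equals() compares in constant time, so timing does not leak the hash
    return hash_equals($hash, md5($password . $salt));
}

function login(array $users, array &$sessions, string $user, string $password): ?string
{
    if (!isset($users[$user]) || !verifyPassword($users[$user], $password)) {
        return null; // same result for unknown user and wrong password
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    // Store only a hash of the token, so a leaked table yields no usable tokens
    $sessions[hash('sha256', $token)] = ['user' => $user, 'expires' => time() + TOKEN_TTL];
    return $token;
}

function validateToken(array &$sessions, string $token): ?string
{
    $key = hash('sha256', $token);
    if (!isset($sessions[$key])) {
        return null;
    }
    if ($sessions[$key]['expires'] < time()) {
        unset($sessions[$key]); // expired: drop the session and force a new login
        return null;
    }
    return $sessions[$key]['user'];
}

$token = login($users, $sessions, 'USER1', 'correct horse');
var_dump(validateToken($sessions, $token));            // valid token
var_dump(validateToken($sessions, 'forged'));          // unknown token
var_dump(login($users, $sessions, 'USER1', 'wrong'));  // wrong password
```

Each later request (getuserinfo and so on) then carries only the token, so the password crosses the network once per session and the per-request check is a single hash lookup.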
