Protected sending/receiving data via HTTP

This a pretty basic question. Let's say I have this iPhone/iP开发者_如何学Cad app that, at some point, gives the user the option to login. The username/pw are stored on the server's database.

What is the best way to communicate with the server to check if the username/pw are correct. How can I safely send & receive these requests via HTTP (without sending the plain pw)? What encryption/decryption should I use (both in-app and serverside)?

Just use SSL (i.e. https). Whatever you do, don't roll your own crypto!

if you dont want to send the password plain text, you should use md5 hash (there is built in function in iphone) encrypt the password with md5 function and send it to the server.

if the server DB has the password in plain text, he can also make md5 hash and compare it with the one he received from the client.

you can also use this method to encrypt you're username.