Thanks for the reply. My question about needing SSL was actually meant for @hareeshmu’s approach, so I edited my question to make that clearer. (Sorry, it wasn’t so clear before. I don’t understand why it is not showing up as a reply to his comment.)
Regarding the security of not using SSL: so I am right in saying that the password is sent in plain text when not using SSL? Then it would be nice to warn people about that.