[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: crypt openldap password in PHP ?

To: openldap-software@OpenLDAP.org
Subject: Re: crypt openldap password in PHP ?
From: Tim Niemueller <lists@niemueller.de>
Date: Thu, 08 Mar 2001 19:09:05 +0100
Organization: http://www.niemueller.de

Tom schrieb:
> 
> Hello,
> 
> I've got a question that is about the psswaord crypting with PHP.
> 
> My goal is to protect with SHA or MD5 the userPassword attribute. My
> problem is that I must do that into a php page and I d'on't know how
> to make it. So if someone can help me, It will be great.

If I understand it the right way what you are trying to do makes no
sense. My guess it that you want to protect the password so that it
cannot be sniffed (if PHP page and OpenLDAP reside on the same server
it's not worth the work anyway). OK.
But: If you stored hashed passwords on the server and transmit the
hashed passwords, a potential sniffer could gather the hashed password
which would be enough to login, since the HASH became the password. The
original password is not needed any more. The has is enough! So what you
want to do is to open a SSL-secured connection to the OpenLDAP server.
That and only that protects you passwords.

        Tim


-- 
    Tim Niemueller <tim@niemueller.de>      www.niemueller.de
=================================================================
 Imagination is more important than knowledge. (Albert Einstein)

Prev by Date: RE: configure openldap
Next by Date: fetch(3) for OpenLDAP on Linux?
Index(es):
- Chronological
- Thread