Confused on best security method...
I've been playing around with OpenLDAP here for the past week very
thoroughly; however, I'm still a bit confused on what would be the most secure
method of transmitting passwords and storing them, as there seem to be lots of
options. More than likely I will be having one or two machines running slapd
and slurpd, and then several other webservers making calls to these from
various PHP scripts. What would be the best method of securing the passwords
being transmitted between these LDAP servers and website server machines?
MD5 or SSHA is the only method that I have been able to get to work
correctly, and I guess that's called a 'simple bind.' While it seems
perfectly fine to me to store that password in the directory as an MD5 or
such, when logging in, isn't the MD5 or SSHA always going to be the same?
Correct me if I'm wrong there, but it seems like a 'replay' problem still
exists. Now I've been trying to figure out this SASL and Start TLS stuff;
there seems to be almost no documentation on it, so I haven't got far (if
anyone could point me to some info, thanks!), but would those be any more
secure than using MD5 or SSHA? Would those even work in PHP?
I suppose one other option would be to simply establish several SSH pipes
to the various servers and then just use the MD5 or SSHA password
transmitting. This option makes the most sense to me right now, as I don't
understand SASL or TLS; additionally, it would not be hard to get PHP to work
with that setup. Are there side effects to this setup that I am not seeing?
So if anyone can shed some light on what I should be aiming for, I'd really
appreciate it! Thanks again for any help.
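Added example, not from the original post: with a simple bind over a plain ldap:// connection the PHP script sends the password itself in clear (the {SSHA} value is only what slapd stores and compares against on its side), so the usual fix is to run StartTLS on the connection before binding. The host name, bind DN and environment variable below are placeholders.

```php
<?php
// Added example: bind a PHP web script to slapd over StartTLS so the
// simple-bind password is encrypted in transit. ldap.example.internal,
// the bind DN and LDAP_BIND_PW are placeholders, not values from the post.
function ldap_bind_with_starttls(string $uri, string $bindDn, string $password)
{
    // Insist that the server certificate verifies (libldap's default is
    // already "demand"; setting it globally here guards against a lax
    // TLS_REQCERT in ldap.conf). Must be set before the connection is opened.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $ldap = ldap_connect($uri);   // plain TCP to port 389 at this point
    if ($ldap === false) {
        throw new RuntimeException("bad LDAP URI: $uri");
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS needs LDAPv3
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    // Upgrade the connection to TLS before any credentials are sent.
    if (!ldap_start_tls($ldap)) {
        throw new RuntimeException('StartTLS failed: ' . ldap_error($ldap));
    }

    // The simple bind now travels inside TLS. slapd hashes the received
    // password and compares it with the stored {SSHA} value; the stored
    // hash itself never crosses the wire, in either direction.
    if (!ldap_bind($ldap, $bindDn, $password)) {
        throw new RuntimeException('bind failed: ' . ldap_error($ldap));
    }
    return $ldap;
}

// Usage: keep the bind password out of the script source (env var here).
$conn = ldap_bind_with_starttls(
    'ldap://ldap.example.internal',
    'cn=webapp,ou=services,dc=example,dc=com',
    getenv('LDAP_BIND_PW') ?: ''
);
// ... ldap_search() / ldap_compare() calls go here ...
ldap_unbind($conn);
```

On the slapd side this only helps if the server is configured with a TLS certificate; a wrong or missing CA on the web server makes ldap_start_tls() fail rather than silently fall back to clear text.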