Re: PHP: issues managing the password, what is wrong?
Alberto Moreno <firstname.lastname@example.org> writes:
> Hi people, I am doing a web interface that will request a username +
> password; like squirrelmail, I will contact my ldap server. This app
> will run on CentOS 5.3, php 5.3, this will be where my web pages will
> be, the ldap server is running on Gentoo with ldap 2.3.43.
> My current problem is with the password. I have found a small app that
> wants to compare the input of the password vs the ldap password; this
> will let us identify the user.
This application is broken and raises a security issue. The proper way
is to do a bind with the provided credentials. Furthermore you cannot
do a ldapcompare with hashed passwords.
Dieter Klünter | Systemberatung
GPG Key ID:8EF7B6C6
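
Bind-based authentication as recommended in the reply above, sketched as an added example that is not part of the original thread. The server URI, base DN, the `uid` attribute, permission for an anonymous search, and PHP 5.6 or later (for `ldap_escape` and `finally`) are assumptions.

```php
<?php
// Added example: verify a login by binding to the directory as that user.
// LDAP_URI, LDAP_BASE and the uid attribute are placeholder assumptions.
const LDAP_URI  = 'ldap://ldap.example.org';
const LDAP_BASE = 'ou=people,dc=example,dc=org';

function ldap_authenticate($username, $password)
{
    // A simple bind with an empty password is an "unauthenticated bind"
    // (RFC 4513, section 5.1.2) that many servers accept as success.
    // Reject it before talking to the server at all.
    if ($username === '' || $password === '') {
        return false;
    }
    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        return false;
    }
    try {
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
        // Encrypt the session before any credential crosses the wire.
        if (!@ldap_start_tls($conn)) {
            return false;
        }
        // Step 1: locate the user's DN. Assumes anonymous search is
        // allowed; otherwise bind with a low-privilege service account.
        if (!@ldap_bind($conn)) {
            return false;
        }
        // Escape the login name so it cannot alter the search filter.
        $filter = '(uid=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
        // '1.1' requests no attributes; only the DN is needed.
        $result = @ldap_search($conn, LDAP_BASE, $filter, array('1.1'), 0, 2);
        if ($result === false) {
            return false;
        }
        $entries = ldap_get_entries($conn, $result);
        if ($entries === false || $entries['count'] !== 1) {
            return false; // unknown or ambiguous login name
        }
        // Step 2: the server checks the password against the stored hash.
        // The application never reads or compares userPassword itself.
        return @ldap_bind($conn, $entries[0]['dn'], $password);
    } finally {
        ldap_unbind($conn);
    }
}
```

The application learns only whether the bind succeeded, so it needs no read access to `userPassword` and does not depend on how the server hashes it.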