
Re: PHP: issues managing the password, what is wrong?


Alberto Moreno wrote:
>   My current problem is with the password. I have found a small app that
> wants to compare the input of the password vs the LDAP password; this
> will let us identify the user.

As Dieter already said, wrong. Authenticate directly with the provided
credentials, or use a "proxy" user to search for the uid resp. DN, then try to
authenticate against it with the provided credentials.

>   Well, searching around, I found the crypt function, but there is a
> thing that I don't like:
> "The standard DES-based encryption crypt() returns the salt as the
> first two characters of the output. It also only uses the first eight
> characters of str , so longer strings that start with the same eight
> characters will generate the same result (when the same salt is used)"
>  How can I deal with this note: 8 characters only?

I believe this is broken, or obsolete. I'm using a Perl port of the Unix
crypt() function, and it works just fine for "any" password lengths.
The 8-character limitation sounds like history :)


Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla@turnovfree.net
jabber: stybla@jabber.turnovfree.net
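
The search-then-bind approach described in the reply above, sketched in PHP as an added example that is not part of the original message. The server URI, base DN, proxy account and the sample login are constructed placeholders, and the uid attribute as the login name is an assumption.

```php
<?php
// Added example: let the directory verify the password via a bind,
// instead of reading userPassword and comparing hashes in PHP.
const LDAP_URI   = 'ldaps://ldap.example.com';     // placeholder server
const BASE_DN    = 'ou=people,dc=example,dc=com';  // placeholder search base
const PROXY_DN   = 'cn=proxy,dc=example,dc=com';   // placeholder low-privilege search account
const PROXY_PASS = 'proxy-secret';                 // placeholder; load from protected config

function ldap_authenticate(string $uid, string $password): bool
{
    // An empty password turns a simple bind into an unauthenticated bind
    // (RFC 4513), which many servers report as success: reject it up front.
    if ($uid === '' || $password === '') {
        return false;
    }
    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Step 1: bind as the proxy user, only to look up the user's DN.
    if (!@ldap_bind($conn, PROXY_DN, PROXY_PASS)) {
        return false;
    }
    // Escape the login name so it cannot change the search filter.
    $filter = '(uid=' . ldap_escape($uid, '', LDAP_ESCAPE_FILTER) . ')';
    // '1.1' requests no attributes; size limit 2 is enough to detect duplicates.
    $result = @ldap_search($conn, BASE_DN, $filter, ['1.1'], 0, 2);
    if ($result === false || ldap_count_entries($conn, $result) !== 1) {
        return false; // no match, or an ambiguous one
    }
    $userDn = ldap_get_dn($conn, ldap_first_entry($conn, $result));

    // Step 2: re-bind as the user; the server compares the password
    // against whatever hash scheme it stores.
    $ok = @ldap_bind($conn, $userDn, $password);
    ldap_unbind($conn);
    return $ok;
}

// Constructed sample login, as it would arrive from a form.
var_dump(ldap_authenticate('jdoe', 'password-from-login-form'));
```

Because the directory performs the comparison, the application never needs read access to userPassword and is unaffected by which crypt() variant produced the stored hash.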