Storing and passing secure passwords to MS Exchange

Hi folks-
I've got an interesting problem. For our homebrewed PHP intranet
application, I will soon be required to give users access to their
email/calendar information from Microsoft Exchange.
I've found a nice set of classes that seems to pretty seamlessly
integrate PHP with Exchange via WebDAV. (Wish this could be done over
SOAP, but that's another issue entirely.)
Here's the issue:

Currently, I authenticate all users via LDAP to our Active Directory
domain. Since the app. does authentication this way, I can save and
pass their username/password combo to Exchange to get data when needed.

Here's the problem however.

1. I need to encrypt the passwords for database storage. No way on this
green earth would I store password data in the clear. OK, I'll use the
PHP mcrypt functions to encrypt the pwd, and then be able to decrypt it
to send it to Exchange.
2. My real issue lies in giving the application carte blanche access to
users' passwords. Sure, it's encrypted, but it has to be 2-way
encryption so my app (And in turn I) have access to the actual
passwords themselves. Bothers me to know that (as well as our InfoSec
officer. :) ).

Any ideas on how to save users' passwords while keeping the privacy of
the data?

thanks!

Shawn

Jul 20 '06 #1
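
The reversible-encryption step described in item 1 of the post, as an added example that is not part of the original post: it uses PHP's libsodium extension (bundled since PHP 7.2, where mcrypt was removed) in place of mcrypt, with authenticated encryption that binds each stored ciphertext to its username. The environment variable `EXCHANGE_CRED_KEY`, the function names and the sample credentials are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: the 32-byte key lives outside the database, here in a
// hypothetical env var EXCHANGE_CRED_KEY (base64). If it is unset, a
// throwaway key is generated so this sketch runs offline.
function loadKey(): string
{
    $b64 = getenv('EXCHANGE_CRED_KEY');
    if ($b64 === false) {
        return sodium_crypto_aead_xchacha20poly1305_ietf_keygen(); // demo only
    }
    $key = base64_decode($b64, true);
    if ($key === false
        || strlen($key) !== SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES) {
        throw new RuntimeException('EXCHANGE_CRED_KEY is not a valid 32-byte key');
    }
    return $key;
}

// Encrypt for database storage. The username is passed as associated data,
// so a ciphertext copied into another user's row fails authentication.
function sealPassword(string $username, string $password, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
    $ct = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($password, $username, $nonce, $key);
    return base64_encode($nonce . $ct);
}

// Decrypt just before the WebDAV call. Returns null on tampering, a wrong
// key, a wrong username or a malformed value.
function openPassword(string $username, string $stored, string $key): ?string
{
    $n = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < $n + SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_ABYTES) {
        return null;
    }
    $pt = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
        substr($raw, $n), $username, substr($raw, 0, $n), $key);
    return $pt === false ? null : $pt;
}

// Constructed sample values, not real credentials.
$key    = loadKey();
$stored = sealPassword('shawn', 'constructed-sample-pw', $key);
var_dump(openPassword('shawn', $stored, $key) === 'constructed-sample-pw'); // same user
var_dump(openPassword('other.user', $stored, $key));                        // row swapped
```

Anyone who holds the key can still recover every stored password, so this covers item 1 of the post only and leaves the concern raised in item 2 open.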