By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,473 Members | 1,274 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,473 IT Pros & Developers. It's quick & easy.

hard coded password protection

P: n/a
Trying to get Windows AD LDAP working to recognize who is accessing the
page... I have successfully grabbed the user credentials and passed
them off to LDAP, but that required me to pass off a hard coded Userid
and password. Since this server is on our corporate network. Is there a
way to either:

1) Grab the userid/password of the client and use them to access the
windows LDAP server withouth having to give out my own? or

2) Protect the "include" so that a user could not "path" to the server
(\\server\directory\phpscripts\includes\password.p hp) and view the php
file, while allowing the WWW browser access to the file.

Thanks
Carl

Jul 17 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
Carl Hilton wrote:
Trying to get Windows AD LDAP working to recognize who is accessing the
page... I have successfully grabbed the user credentials and passed
them off to LDAP, but that required me to pass off a hard coded Userid
and password. Since this server is on our corporate network. Is there a
way to either:

1) Grab the userid/password of the client and use them to access the
windows LDAP server withouth having to give out my own? or

2) Protect the "include" so that a user could not "path" to the server
(\\server\directory\phpscripts\includes\password.p hp) and view the php
file, while allowing the WWW browser access to the file.

Thanks
Carl


Getting the user's userid/password would be a HUGE security risk! I can
just imagine what a malicious site could do. Doesn't matter if it's in
internal corporate network - it could still be abused so easily (i.e.
collecting the userid/password of the Pres, HR, Payroll...).

As to keeping them from viewing the file - don't put it in a directory
accessible to the network.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Jul 17 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.