473,467 Members | 1,531 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

Storing and passing secure passwords to MS Exchange

Hi folks-
I've got an interesting problem. For our homebrewed PHP intranet
application, I will soon be required to give users access to their
email/calendar information from Microsoft Exchange.
I've found a nice set of classes that seems to pretty seemlessly
integrate PHP with Exchange via WebDAV. (Wish this could be done over
SOAP, but that's another issue entirely.)
Here's the issue:

Currently, I authenticate all users via LDAP to our Active Directory
domain. Since the app. does authentication this way, I can save and
pass their username/password combo to Exchange to get data when needed.

Here's the problem however.

1. I need to encrypt the passwords for database storage. No way on this
green earth would I store password data in the clear. OK, I'll use the
PHP mcrypt functions to encrypt the pwd, and then be able to decrypt it
to send it to Exchange.
2. My real issue lies in giving the application carte blanche access to
users' passwords. Sure, it's encrypted, but it has to be 2-way
encryption so my app (And in turn I) have access to the actual
passwords themselves. Bothers me to know that (as well as our InfoSec
officer. :) ).

Any ideas on how to save users' passwords while keeping the privacy of
the data?

thanks!

Shawn

Jul 20 '06 #1
0 1128
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
Is session enough secure?
by: opt_inf_env | last post by:
Hello, I have a page such that each user can see only a corresponding (personal) part of the page. In the beginning I wanted to perform initialization of users (by asking there names and...
PHP
3
Secure password storing
by: Gordon Knote | last post by:
Hi In my application I need to store a password the user enters (unfortunately not a hash of it, but the password as a plaintext string). Is there any secure way to do so (by Visual Basic .NET) ...
.NET Framework
3
Passwords in web.config... is this secure?
by: John Buchmann | last post by:
In my web.config, I have a section that has a name and password: <credentials passwordFormat="Clear"> <user name="aaa" password="bbb" /> </credentials> Is this secure? What is to stop...
ASP.NET
6
How secure is MSAccess?
by: VB Programmer | last post by:
I am creating a new ASPX web app. I would like to use MS Access, but am concerned about security. There will be alot of secure info in this db (credit cards, passwords, client info, etc...) Is...
ASP.NET
5
Storing Secrets
by: Nikolay Petrov | last post by:
When using System.Security.Cryptography to Encrypt/Decrypt information, I need to store two values - the Initialization Vector and the Encryption Key. The are both needed in Encryption/Decryption...
Visual Basic .NET
6
is using LDAP or SESSION more secure for authentication and access control?
by: Notgiven | last post by:
I am considering a large project and they currently use LDAP on MS platform. It would be moved to a LAMP platform. OpenLDAP is an option though I have not used it before. I do feel fairly...
PHP
14
How to secure the Dotnet code
by: Usman | last post by:
Hi I'm working on an application that contains classes for licensing, authentication etc, including all the algorithms of encryption/decryption etc. I wanted to secure this code, but after...
.NET Framework
13
Storing Credentials in Application
by: =?Utf-8?B?QWRhbSBT?= | last post by:
I would like to know the best way to store credentials in a c# application. I am writing some administrative tools and will need to store username and password information for a domain account with...
C# / C Sharp
3
Storing Passwords
by: Eric Wertman | last post by:
I've a number of scripts set up that require a username/password combination to log in elsewhere. It's gotten to the point where I need to keep them in a more secure location, instead of just in...
Python
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
1
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us