469,331 Members | 5,955 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,331 developers. It's quick & easy.

Storing and passing secure passwords to MS Exchange

Hi folks-
I've got an interesting problem. For our homebrewed PHP intranet
application, I will soon be required to give users access to their
email/calendar information from Microsoft Exchange.
I've found a nice set of classes that seems to pretty seemlessly
integrate PHP with Exchange via WebDAV. (Wish this could be done over
SOAP, but that's another issue entirely.)
Here's the issue:

Currently, I authenticate all users via LDAP to our Active Directory
domain. Since the app. does authentication this way, I can save and
pass their username/password combo to Exchange to get data when needed.

Here's the problem however.

1. I need to encrypt the passwords for database storage. No way on this
green earth would I store password data in the clear. OK, I'll use the
PHP mcrypt functions to encrypt the pwd, and then be able to decrypt it
to send it to Exchange.
2. My real issue lies in giving the application carte blanche access to
users' passwords. Sure, it's encrypted, but it has to be 2-way
encryption so my app (And in turn I) have access to the actual
passwords themselves. Bothers me to know that (as well as our InfoSec
officer. :) ).

Any ideas on how to save users' passwords while keeping the privacy of
the data?

thanks!

Shawn

Jul 20 '06 #1
0 981

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by opt_inf_env | last post: by
3 posts views Thread by Gordon Knote | last post: by
3 posts views Thread by John Buchmann | last post: by
6 posts views Thread by VB Programmer | last post: by
5 posts views Thread by Nikolay Petrov | last post: by
14 posts views Thread by Usman | last post: by
13 posts views Thread by =?Utf-8?B?QWRhbSBT?= | last post: by
3 posts views Thread by Eric Wertman | last post: by
1 post views Thread by CARIGAR | last post: by
reply views Thread by zhoujie | last post: by
reply views Thread by suresh191 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.