473,325 Members | 2,608 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,325 software developers and data experts.

CHAP Authentication

I have to build a simple login page using CHAP to authenticate users
in a DB. Can anyone explain how its done in simple steps? example of
code would be great.

thx

Nov 20 '07 #1
9 2579

"Abu Hamza" <al****@sunnipath.comwrote in message
news:fb**********************************@w28g2000 hsf.googlegroups.com...
>I have to build a simple login page using CHAP to authenticate users
in a DB. Can anyone explain how its done in simple steps? example of
code would be great.
why chap?!
Nov 20 '07 #2
On Nov 20, 9:12 pm, "Steve" <no....@example.comwrote:
"Abu Hamza" <ali...@sunnipath.comwrote in message

news:fb**********************************@w28g2000 hsf.googlegroups.com...
I have to build a simple login page using CHAP to authenticate users
in a DB. Can anyone explain how its done in simple steps? example of
code would be great.

why chap?!
The company I work for wants this. I don't know why but whats wrong
with it?
Nov 20 '07 #3
Abu Hamza wrote:
On Nov 20, 9:12 pm, "Steve" <no....@example.comwrote:
>"Abu Hamza" <ali...@sunnipath.comwrote in message

news:fb**********************************@w28g200 0hsf.googlegroups.com...
>>I have to build a simple login page using CHAP to authenticate users
in a DB. Can anyone explain how its done in simple steps? example of
code would be great.
why chap?!

The company I work for wants this. I don't know why but whats wrong
with it?
its pretty damned weird - its normally used in PPP streams only.

I don't think you really want to do this..i'd get clarification.
Nov 20 '07 #4
On 20 Nov, 16:52, The Natural Philosopher <a...@b.cwrote:
Abu Hamza wrote:
On Nov 20, 9:12 pm, "Steve" <no....@example.comwrote:
"Abu Hamza" <ali...@sunnipath.comwrote in message
>news:fb**********************************@w28g200 0hsf.googlegroups.com...
>I have to build a simple login page using CHAP to authenticate users
in a DB. Can anyone explain how its done in simple steps? example of
code would be great.
why chap?!
The company I work for wants this. I don't know why but whats wrong
with it?

its pretty damned weird - its normally used in PPP streams only.

I don't think you really want to do this..i'd get clarification.
Maybe he just means a challenge based hash system to avoid sending
passwords in clear text. Or maybe he means CHAP as implemented in PPP,
or maybe he means CHAP as implemented by Microsoft for PPP.

In the case of the former, see
http://groups.google.co.uk/group/com...gst&q=MD5+salt

C.
Nov 21 '07 #5

"C. (http://symcbean.blogspot.com/)" <co************@gmail.comwrote in
message
news:f4**********************************@f3g2000h sg.googlegroups.com...
On 20 Nov, 16:52, The Natural Philosopher <a...@b.cwrote:
>Abu Hamza wrote:
On Nov 20, 9:12 pm, "Steve" <no....@example.comwrote:
"Abu Hamza" <ali...@sunnipath.comwrote in message
>>news:fb**********************************@w28g20 00hsf.googlegroups.com...
>>I have to build a simple login page using CHAP to authenticate users
in a DB. Can anyone explain how its done in simple steps? example of
code would be great.
why chap?!
The company I work for wants this. I don't know why but whats wrong
with it?

its pretty damned weird - its normally used in PPP streams only.

I don't think you really want to do this..i'd get clarification.

Maybe he just means a challenge based hash system to avoid sending
passwords in clear text. Or maybe he means CHAP as implemented in PPP,
or maybe he means CHAP as implemented by Microsoft for PPP.
and maybe the price of tea in china really is quite useless
information...and maybe...

wtfc!
Nov 21 '07 #6
"C. (http://symcbean.blogspot.com/)" <co************@gmail.comwrote in
message news:f41b190d-7b7b-482c-9bee-
On 20 Nov, 16:52, The Natural Philosopher <a...@b.cwrote:
Maybe he just means a challenge based hash system to avoid sending
passwords in clear text. Or maybe he means CHAP as implemented in PPP,
or maybe he means CHAP as implemented by Microsoft for PPP.

In the case of the former, see
http://groups.google.co.uk/group/com...gst&q=MD5+salt
In my experience, when a non-techie customer says something like that, it's
because someone somewhere told them CHAP was important, and it just got
stuck in their craw.
It's usually not wise to try to "correct" them.
The best way to deal with something like that is to ensure that you do
perform some kind of Challenge/Authentication; call it a "protocol"; and
explain that you're already on the right track with their state goal.

It accomlishes several things.
1. It reassures them that they have not been duped by previous contractors.
2. It reassures them that you are not trying to dupe them.
3. It meets the spec, rather than trying to change the spec.

That last one is VERY important.

Nov 21 '07 #7
Sanders Kaufman wrote:
"C. (http://symcbean.blogspot.com/)" <co************@gmail.comwrote in
message news:f41b190d-7b7b-482c-9bee-
>On 20 Nov, 16:52, The Natural Philosopher <a...@b.cwrote:
>Maybe he just means a challenge based hash system to avoid sending
passwords in clear text. Or maybe he means CHAP as implemented in PPP,
or maybe he means CHAP as implemented by Microsoft for PPP.

In the case of the former, see
http://groups.google.co.uk/group/com...gst&q=MD5+salt

In my experience, when a non-techie customer says something like that, it's
because someone somewhere told them CHAP was important, and it just got
stuck in their craw.
It's usually not wise to try to "correct" them.
The best way to deal with something like that is to ensure that you do
perform some kind of Challenge/Authentication; call it a "protocol"; and
explain that you're already on the right track with their state goal.

It accomlishes several things.
1. It reassures them that they have not been duped by previous contractors.
2. It reassures them that you are not trying to dupe them.
3. It meets the spec, rather than trying to change the spec.

That last one is VERY important.
"Its better than CHAP"
Nov 21 '07 #8
"The Natural Philosopher" <a@b.cwrote in message
news:11****************@proxy00.news.clara.net...
Sanders Kaufman wrote:
>The best way to deal with something like that is to ensure that you do
perform some kind of Challenge/Authentication; call it a "protocol"; and
explain that you're already on the right track with their state goal.

It accomlishes several things.
1. It reassures them that they have not been duped by previous
contractors.
2. It reassures them that you are not trying to dupe them.
3. It meets the spec, rather than trying to change the spec.

That last one is VERY important.
"Its better than CHAP"
Yeah, boi - that's what I'm talin' bout!
Ya say, "I gotcher back on this one. I've implemented a *proprietary* CHAP
protocol - one not used by others, and thus faaaar more secure."
Then ya tack on an extra C-Note to the invoice for "enhanced, custom
security".

Nov 22 '07 #9


Nov 22 '07 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

7
by: Michael Foord | last post by:
#!/usr/bin/python -u # 15-09-04 # v1.0.0 # auth_example.py # A simple script manually demonstrating basic authentication. # Copyright Michael Foord # Free to use, modify and relicense. #...
8
by: Bob Everland | last post by:
I have an application that is ISAPI and the only way to secure it is through NT permissions. I need to have a way to login to windows authentication so that when I get to the ISAPI application no...
9
by: Tom B | last post by:
In my web.config file I've specified Windows for the authentication, in IIS I've set it to Integrated Authentication. But my SQL connection is still showing Anonymous. Is there somewhere else I...
10
by: Justin Dutoit | last post by:
Hey. I'm still not experienced at error handling, and I need to know if Try.. Catch blocks are meant to be used to handle errors in your own app, ie bugs. Or, are they only for external things like...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.