Active directory, password hash

Hi,

I'm trying to create a secure login script for our company intranet.

I've created a class to interface with the active directory, so I can test logins by sending the username and password and I'll receive either true or false back.

However, I don't think it's a good idea to be sending plain text passwords around. I'd like to make an md5 hash of the password before sending it, which I can do in javascript. The problem is that I obviously can't use this to login to the active directory as it needs to be in plain text to login.

Does anyone know a simple but secure way to ensure the user's password is safe while sending to the server, but still allowing for authentication from the active directory by the server?


Any help is much appreciated!


Andy
Jul 31 '08 #1
Atli
Hi.

There is really no point in hashing the password before sending it. Even though any malicious user won't be able to read the actual password, he could still just steal the hash and use that to log in.

The best way to do this would probably be to use TLS or SSL (the latter being the more popular one).
That would encrypt the entire HTTP request/response, making it extremely hard to steal any info.

It can be a little annoying to set up tho, and if you plan on making the program public, you would probably have to buy a valid certificate.
Jul 31 '08 #2
theS70RM
ok thanks,

as this will be running as a company intranet I may try and avoid SSL and look for some alternatives to make the login more secure. Traffic between sites is encrypted anyway.

Maybe I can check the host is in the correct IP range of our network and/or do some of that random number stuff that I've seen sites using but don't understand, ha!


Andy
Aug 1 '08 #3
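
Added example, not part of the thread and not any poster's code: a Node.js simulation of the two ideas discussed above, the client-side MD5 hash from post #1/#2 and the "random number" (challenge-response) idea from post #3. The account, password and function names are constructed, and HMAC-SHA256 is an assumed choice for the challenge-response step. In both schemes the server has to keep `md5(password)` itself, so it never holds the plain-text password that the Active Directory login needs.

```javascript
// Constructed simulation; nothing here talks to a real directory or network.
const crypto = require('crypto');
const md5 = (s) => crypto.createHash('md5').update(s).digest('hex');

// The server cannot log in to AD with a hash, so it must keep its own copy.
const storedHash = { andy: md5('S3cret-example') }; // constructed sample account

function safeEqual(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Scheme A: the browser sends md5(password) instead of the password.
function clientHashedLogin(user, password) {
  return { user, credential: md5(password) }; // exactly what crosses the wire
}
function serverCheckHash(msg) {
  const expected = storedHash[msg.user];
  // The hash is the only thing checked, so the hash *is* the credential.
  return expected !== undefined && safeEqual(msg.credential, expected);
}

// Scheme B: the server sends a fresh random nonce, the client answers with
// HMAC(md5(password), nonce). A recorded answer is useless for the next nonce.
const outstanding = new Map(); // user -> nonce still waiting for an answer
function serverIssueNonce(user) {
  const nonce = crypto.randomBytes(16).toString('hex');
  outstanding.set(user, nonce);
  return nonce;
}
function clientAnswer(user, password, nonce) {
  const key = md5(password);
  return { user, response: crypto.createHmac('sha256', key).update(nonce).digest('hex') };
}
function serverCheckAnswer(msg) {
  const nonce = outstanding.get(msg.user);
  outstanding.delete(msg.user); // each nonce is good for one attempt only
  const key = storedHash[msg.user];
  if (!nonce || !key) return false;
  const expected = crypto.createHmac('sha256', key).update(nonce).digest('hex');
  return safeEqual(msg.response, expected);
}
```

Scheme B stops a recorded login from being reused, but the stored `md5(password)` is still a password-equivalent secret on the server, and neither scheme protects the rest of the session the way TLS does.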
