468,257 Members | 1,429 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,257 developers. It's quick & easy.

Active directory, password hash

107 100+

Im trying to create a secure login script for our company intranet.

I've created a class to interface with the active directory, so I can test logins by sending the username and password and i'll receive either true or false baclk.

However, I dont think it's a good idea to be sending plain text passwords around. I'd like to make an md5 hash of the password before sending it, which I can do in javascript. The problem is that I obviously cant use this to login to the active directory as it needs to be in plain text to login.

Does anyone know a simple but secure way to ensure the users password is safe while sending to the server, but still allowing for authentication from the active directory by the server??

Any help is much appreciated!

Jul 31 '08 #1
2 2783
5,058 Expert 4TB

There is really no point in hashing the password before sending it. Even though any malicious user won't be able to read the actual password, he could still just steal the hash and use that to log in.

The best way to do this would probably be to use TLS or SSL (the latter being the more popular one).
That would encrypt the entire HTTP request/response, making it extremely hard to steal any info.

It can be a little annoying to set up tho, and if you plan on making the program public, you would probably have to buy a valid certificate.
Jul 31 '08 #2
107 100+
ok thanks,

as this will be running as a company intranet I may try and avoid SSL and look for some alternatives to make the login more secure. Traffic between sites is encrypted anyway.

Maybe I can check the host is in the correct IP range of our network and/or do some of that random number stuff that ive seen sites using but dont understand, ha!

Aug 1 '08 #3

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

5 posts views Thread by Mario Rodriguez | last post: by
12 posts views Thread by JIM.H. | last post: by
9 posts views Thread by Patrick | last post: by
reply views Thread by Chung Leong | last post: by
reply views Thread by NPC403 | last post: by
reply views Thread by kermitthefrogpy | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.