Hi,
Im trying to create a secure login script for our company intranet.
I've created a class to interface with the active directory, so I can test logins by sending the username and password and i'll receive either true or false baclk.
However, I dont think it's a good idea to be sending plain text passwords around. I'd like to make an md5 hash of the password before sending it, which I can do in javascript. The problem is that I obviously cant use this to login to the active directory as it needs to be in plain text to login.
Does anyone know a simple but secure way to ensure the users password is safe while sending to the server, but still allowing for authentication from the active directory by the server??
Any help is much appreciated!
Andy