duanchuli5647 2013-04-15 02:20

Secure connection to LDAP server

I am using a hash to encrypt and decrypt my passwords which I am sending to a class construct. Exampled below:

    public static function HashPassword($Password){
        $salt = self::$Salt;
        return trim(base64_encode(mcrypt_encrypt(
            MCRYPT_RIJNDAEL_256, $salt, $Password, MCRYPT_MODE_ECB,
            mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)
        )));
    }//Get hashed Password

Then the decrypted which is in a protected static function

    protected static function DecryptPassword($Password){
        $salt = self::$Salt;
        return trim(mcrypt_decrypt(
            MCRYPT_RIJNDAEL_256, $salt, base64_decode($Password), MCRYPT_MODE_ECB,
            mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)
        ));
    } // Decrypt the password

I am then calling the connection via:

$Connection = LDAP::Connect('LDAPSERVER','LDAPLOGIN','onVidHn5r4WNyxzlDHD8TvUY9AjyiHg+ZC5PoOhIXkU=');

For security reasons, I have implemented a dummy password and hidden my server credentials.

The connect function :

    public static function Connect($Host,$Username,$Password){
        self::$Host = $Host;
        self::$Admin = $Username;
        //Assign to global variables to be used throughout this framework
        $Password = self::DecryptPassword($Password);
        self::$Password = $Password; // Assign the decrypted password

        $LDAPServer = ldap_connect($Host);
        $Connect = ldap_bind($LDAPServer,$Username,$Password);
        if (!$Connect){
            die ("Cannot Connect To LDAP Server");
        }
    }

My overall question is: is this a valid method of security for transmitting the password with a secret salt to my API?

It's a preference for me not to input passwords as plain text:

ldap_bind('host','user@server','PlainTextPassword');

The above is an example, which to my preference is something I cannot accept.

So is this a valid method to securely connect to my LDAP server using the TCP protocol?

Despite the looks of this question, I can confirm that I can successfully connect to my LDAP server providing the right credentials are input, so this is not a problem. I'm merely asking from a security aspect; without the security knowledge, I do not wish to compromise the data or the server in any way, shape or form, hence why this is in production phases and only accessible to one user, which is myself.


  • doudeng3008 2013-04-16 15:29

    This is completely pointless, I'm afraid.

    This does not give you any additional security in terms of establishing the connection to the server, as the password is still transmitted to the server in its decrypted form. The only thing this does is obfuscate the password in your source code - and I say "obfuscate" rather than "encrypt" because all the necessary information to decrypt the password to its source text is also contained within your source code.

    So Is this a valid method to securely connect to my LDAP server using the TCP protocol?

    No. If you want a secure connection, you will need to use LDAP over SSL.
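
What the answer's recommendation can look like in PHP, as an added example that is not part of the original question or answer. The function name `connectLdaps`, the host, the bind DN and the environment variable `LDAP_BIND_PASSWORD` are hypothetical placeholders.

```php
<?php
// Added example: bind over LDAPS with certificate validation enforced.
// All names and values below are placeholders, not taken from the page.

function connectLdaps(string $uri, string $bindDn, string $password)
{
    // Refuse anything that is not LDAP over SSL/TLS, so a misconfigured
    // URI cannot silently fall back to cleartext ldap://.
    if (stripos($uri, 'ldaps://') !== 0) {
        throw new InvalidArgumentException('URI must start with ldaps://');
    }
    // A simple bind with an empty password is treated as an unauthenticated
    // bind by many servers and "succeeds"; reject it up front.
    if ($password === '') {
        throw new InvalidArgumentException('Empty bind password');
    }

    // Demand a server certificate that validates against the trusted CAs.
    // Set on the null link before connecting so it applies to the new handle.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException('Invalid LDAP URI');
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // ldap_connect() only prepares the handle; the TLS handshake and the
    // bind happen here, so the password travels inside the encrypted channel.
    if (!@ldap_bind($conn, $bindDn, $password)) {
        $error = ldap_error($conn);
        ldap_unbind($conn);
        throw new RuntimeException('LDAP bind failed: ' . $error);
    }
    return $conn;
}

// Runs only when this file is executed directly from the command line.
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    $password = (string) getenv('LDAP_BIND_PASSWORD'); // hypothetical variable
    $conn = connectLdaps('ldaps://ldap.example.com:636',
                         'cn=svc,dc=example,dc=com', $password);
    echo "Bound over LDAPS\n";
    ldap_unbind($conn);
}
```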
