donglang5157 2013-08-04 23:37

Using SSL to authenticate LDAP / Active Directory logins

I recently purchased an SSL certificate for a domain, let's call it mydomain.com. I have a login script which I'm using to authenticate against a client's Active Directory service. I have no real access to their server at all, although they have whitelisted my server so that I can verify whether their login credentials are correct or not.

Let's say that the clients enter their login info on a page with URL https://www.mydomain.com/login.php. I have tested the PHP script which I have written using a test account provided by the client, and it does correctly identify whether or not the provided username/password combination is correct. However, is the login information really being encrypted as it is sent? Do I need access to a certificate on my client's AD server to make sure that the login is secure? As I understand it, since I'm the one sending the information to the client, and I have an SSL certificate in place, the login information should be encrypted. I am assuming that all that the AD server is sending to me is basically a true/false response on whether or not the credentials are correct, which should not require encryption.

Is my understanding of this process correct? I'd genuinely appreciate any insight you could provide. Thanks!


1 answer

  • douze1332 2013-08-05 08:00

    Here is the picture I get from your question:

    web browser --(1)--> your-domain.com --(2)--> your client's AD server
    

    So you have purchased an SSL certificate for your-domain.com, so connection (1) is over SSL and all data is encrypted. However, this says nothing about the connection to the AD server.

    Connection (2) may be over SSL, TLS or be a plain connection. In other words, you need to check what your login.php is doing behind the scenes to authenticate in AD. If the connection it uses is SSL or TLS, your data is encrypted at that stage; otherwise it is not.

    So you are only half correct. The data between the browser and your domain is encrypted, but the data between your domain and the AD server may or may not be.

    This answer was selected as the best answer by the asker.
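
One way to make connection (2) in the answer's diagram encrypted from PHP, given as an added example that is not part of the original question or answer. The host name, CA file path and function name are placeholders chosen for illustration, and the AD server must already offer TLS with a certificate issued by that CA.

```php
<?php
// Added example; AD_HOST, AD_CA_FILE and ad_login_over_tls() are assumptions.
const AD_HOST    = 'ad.client.example';               // placeholder: the client's AD server
const AD_CA_FILE = '/etc/ssl/certs/client-ad-ca.pem'; // placeholder: CA that signed its certificate

/**
 * Returns true only if the credentials were accepted over an encrypted,
 * certificate-verified session. Never falls back to plain LDAP.
 */
function ad_login_over_tls(string $userPrincipalName, string $password): bool
{
    // An LDAP simple bind with an empty password is an unauthenticated bind
    // and can "succeed", so reject empty input before contacting the server.
    if ($userPrincipalName === '' || $password === '') {
        return false;
    }

    // Require a valid server certificate (global TLS options, PHP 7.1+).
    // They must be set before the connection handle is created.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, AD_CA_FILE);

    // Port 389 starts unencrypted; the session is upgraded with StartTLS below.
    // The alternative is 'ldaps://' . AD_HOST . ':636' with no ldap_start_tls() call.
    $conn = ldap_connect('ldap://' . AD_HOST . ':389');
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS requires LDAPv3
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Upgrade to TLS before any credentials leave this server.
    if (!@ldap_start_tls($conn)) {
        error_log('AD StartTLS failed: ' . ldap_error($conn));
        ldap_unbind($conn);
        return false; // fail closed instead of binding in clear text
    }

    $ok = @ldap_bind($conn, $userPrincipalName, $password);
    ldap_unbind($conn);
    return $ok;
}
```

If `ldap_start_tls()` fails against the client's server, that is the signal that connection (2) cannot currently be encrypted and the client has to enable TLS on their side.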