duanchuli5647 2013-04-14 18:20
Views: 279
Accepted

Secure connection to an LDAP server

I am using a hash to encrypt and decrypt my passwords, which I am sending to a class construct. Example below:

    public static function HashPassword($Password){
        $salt = self::$Salt;
        return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $salt, $Password, MCRYPT_MODE_ECB, mcrypt_create_iv(
            mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND))));
    } // Get hashed password

Then the decryption, which is in a protected static function:

    protected static function DecryptPassword($Password){
        $salt = self::$Salt;
        return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $salt, base64_decode($Password), MCRYPT_MODE_ECB, mcrypt_create_iv(
            mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)));
    } // Decrypt the password

I am then calling the connection via:

$Connection = LDAP::Connect('LDAPSERVER','LDAPLOGIN','onVidHn5r4WNyxzlDHD8TvUY9AjyiHg+ZC5PoOhIXkU=');

For security reasons, I have implemented a dummy password and hidden my server credentials.

The connect function :

    public static function Connect($Host, $Username, $Password){
        self::$Host = $Host;
        self::$Admin = $Username;
        // Assign to global variables to be used throughout this framework
        $Password = self::DecryptPassword($Password);
        self::$Password = $Password; // Assign the decrypted password

        $LDAPServer = ldap_connect($Host);
        $Connect = ldap_bind($LDAPServer, $Username, $Password);
        if (!$Connect){
            die("Cannot Connect To LDAP Server");
        }
    }

My overall question is: is this a valid method of security for transmitting the password with a secret salt to my API?

It's my preference not to input passwords as plain text:

ldap_bind('host','user@server','PlainTextPassword');

The above is an example, which to my preference is something I cannot accept.

So is this a valid method to securely connect to my LDAP server using the TCP protocol?

Despite the looks of this question, I can confirm that I can successfully connect to my LDAP server providing the right credentials are input, so this is not a problem. I'm merely asking from a security aspect; without the security knowledge, I do not wish to compromise the data or the server in any way, shape or form, hence why this is in production phases and only accessible to one user, which is myself.

1 answer

  • doudeng3008 2013-04-16 07:29

    This is completely pointless, I'm afraid.

    This does not give you any additional security in terms of establishing the connection to the server, as the password is still transmitted to the server in its decrypted form. The only thing this does is obfuscate the password in your source code - and I say "obfuscate" rather than "encrypt" because all the necessary information to decrypt the password to its source text is also contained within your source code.

    "So is this a valid method to securely connect to my LDAP server using the TCP protocol?"

    No. If you want a secure connection, you will need to use LDAP over SSL.

    This answer was selected by the asker as the best answer.
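
The accepted answer's recommendation (LDAP over SSL), sketched as an added PHP example; it is not code from the original question or answer. The helper name `secureLdapBind`, the `LDAP_BIND_PASSWORD` environment variable, the host name and the CA bundle path are assumptions, and the code assumes PHP 7.1+ with ext-ldap and a server that offers LDAPS.

```php
<?php
// Added example: hypothetical helper, not the asker's LDAP class.

function secureLdapBind(string $uri, string $bindDn, string $caFile)
{
    // Refuse cleartext ldap:// so the bind password never crosses the wire unencrypted.
    if (stripos($uri, 'ldaps://') !== 0) {
        throw new InvalidArgumentException('Only ldaps:// URIs are accepted');
    }

    // The secret comes from the process environment instead of the source code.
    $password = getenv('LDAP_BIND_PASSWORD'); // assumed variable name
    if ($password === false || $password === '') {
        // A DN with an empty password is an unauthenticated bind, so reject it here.
        throw new RuntimeException('LDAP_BIND_PASSWORD is not set');
    }

    // Set the TLS options globally (null handle) before connecting:
    // require a server certificate that validates against the given CA file.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);

    $link = ldap_connect($uri); // only parses the URI; no network traffic yet
    if ($link === false) {
        throw new RuntimeException('Invalid LDAP URI');
    }
    ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($link, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // The TLS handshake and certificate check happen here, before credentials are sent.
    if (!@ldap_bind($link, $bindDn, $password)) {
        throw new RuntimeException('LDAP bind failed: ' . ldap_error($link));
    }
    return $link;
}

// Constructed placeholder values; replace with your own directory details.
try {
    $link = secureLdapBind('ldaps://ldap.example.com', 'user@example.com',
        '/etc/ssl/certs/ca-certificates.crt');
    echo "Bound over TLS\n";
    ldap_unbind($link);
} catch (Exception $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```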