I am using a hash to encrypt and decrypt my passwords, which I am sending to a class construct. Example below:
public static function HashPassword($Password){
    $salt = self::$Salt;
    return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $salt, $Password, MCRYPT_MODE_ECB,
        mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND))));
} // Get hashed Password
Then the decrypt, which is in a protected static function:
protected static function DecryptPassword($Password){
    $salt = self::$Salt;
    return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $salt, base64_decode($Password), MCRYPT_MODE_ECB,
        mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)));
} // Decrypt the password
I am then calling the connection via:
$Connection = LDAP::Connect('LDAPSERVER','LDAPLOGIN','onVidHn5r4WNyxzlDHD8TvUY9AjyiHg+ZC5PoOhIXkU=');
For security reasons, I have implemented a dummy password and hidden my server credentials.
The connect function:
public static function Connect($Host, $Username, $Password){
    self::$Host = $Host;
    self::$Admin = $Username;
    // Assign to global variables to be used throughout this framework
    $Password = self::DecryptPassword($Password);
    self::$Password = $Password; // Assign the decrypted password
    $LDAPServer = ldap_connect($Host);
    $Connect = ldap_bind($LDAPServer, $Username, $Password);
    if (!$Connect){
        die("Cannot Connect To LDAP Server");
    }
}
My overall question is: is this a valid security method for transmitting the password with a secret salt to my API?
It is my preference not to input passwords as plain text:
ldap_bind('host','user@server','PlainTextPassword');
The above is an example of something that, by my preference, I cannot accept.
So, is this a valid method to securely connect to my LDAP server over TCP?
Despite the looks of this question, I can confirm that I can successfully connect to my LDAP server provided the right credentials are input, so this is not a problem. I'm merely asking from a security aspect; without the security knowledge, I do not wish to compromise the data or the server in any way, shape or form, hence why this is in the production phase and only accessible to one user, which is myself.
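As an added example (my own code, not the poster's class or any library's API), here is the shape a bind usually takes when the goal is to keep the service password out of source code and off the wire in clear text. ldap_bind needs the plain password at bind time whatever was done to it beforehand, so the two things that actually protect it are where it is stored and whether the socket is encrypted. The hostname, bind DN and the LDAP_BIND_PASSWORD environment variable below are assumptions for illustration, as is the server supporting StartTLS; only standard PHP ldap_* functions are used.

```php
<?php
// Added example, not the original post's code.
// Assumptions (not from the post): the bind password is supplied in the
// environment variable LDAP_BIND_PASSWORD by the service manager or deploy
// tooling; the directory is reachable at ldap://ldap.example.internal and
// supports StartTLS; the bind DN below is a made-up service account.

final class LdapClient
{
    /**
     * Connect, upgrade to TLS and bind. Throws instead of die()-ing so the
     * caller decides what (if anything) is shown to a user, and the password
     * is never copied into a static property.
     *
     * @return resource|\LDAP\Connection  the bound connection handle
     */
    public static function connect(string $uri, string $bindDn, string $password)
    {
        $ds = ldap_connect($uri);
        if ($ds === false) {
            throw new RuntimeException('Malformed LDAP URI');
        }
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

        // A simple bind sends the password in clear text, so the socket must be
        // TLS before binding: either an ldaps:// URI or StartTLS on ldap://.
        // Refuse to continue in the clear rather than silently fall back.
        if (strncmp($uri, 'ldaps://', 8) !== 0 && !ldap_start_tls($ds)) {
            throw new RuntimeException('StartTLS failed: ' . ldap_error($ds));
        }

        // '@' silences the PHP warning on a failed bind; the error is rethrown.
        if (!@ldap_bind($ds, $bindDn, $password)) {
            // Log ldap_error only; never echo the DN or password back.
            throw new RuntimeException('LDAP bind failed: ' . ldap_error($ds));
        }
        return $ds;
    }
}

// The secret comes from the environment, not from a literal in the code base.
$password = getenv('LDAP_BIND_PASSWORD');
if ($password === false || $password === '') {
    fwrite(STDERR, "LDAP_BIND_PASSWORD is not set\n");
    exit(1);
}

$ds = LdapClient::connect(
    'ldap://ldap.example.internal',
    'cn=svc-web,ou=services,dc=example,dc=internal',
    $password
);
// ... ldap_search / ldap_get_entries as needed ...
ldap_unbind($ds);
unset($password);
```

The design point is that an encrypted blob whose key (the "salt" above) lives in the same code base gives no confidentiality against anyone who can read that code, while TLS on the connection and a secret held outside the repository with restricted file or environment permissions address the two exposures that matter: disclosure at rest and disclosure in transit.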