duanchuli5647 2013-04-15 02:20
279 views
Accepted answer

Secure connection to an LDAP server

I am using a hash to encrypt and decrypt my passwords, which I am sending to a class construct. Example below:

    public static function HashPassword($Password) {
        $salt = self::$Salt; // static value passed to mcrypt as the cipher key
        // ECB mode does not use an IV, so the random IV created here has no effect on the output
        $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
        return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $salt, $Password, MCRYPT_MODE_ECB, $iv)));
    } // Get hashed password

Then the decryption, which is in a protected static function:

    protected static function DecryptPassword($Password) {
        $salt = self::$Salt; // same static key as used in HashPassword
        // ECB mode does not use an IV; this call only mirrors the encrypt side
        $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
        return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $salt, base64_decode($Password), MCRYPT_MODE_ECB, $iv));
    } // Decrypt the password

I am then calling the connection via:

$Connection = LDAP::Connect('LDAPSERVER','LDAPLOGIN','onVidHn5r4WNyxzlDHD8TvUY9AjyiHg+ZC5PoOhIXkU=');

For security reasons, I have implemented a dummy password and hidden my server credentials.

The connect function:

    public static function Connect($Host, $Username, $Password) {
        // Assign to static properties to be used throughout this framework
        self::$Host = $Host;
        self::$Admin = $Username;
        $Password = self::DecryptPassword($Password);
        self::$Password = $Password; // Assign the decrypted password

        $LDAPServer = ldap_connect($Host);
        $Connect = ldap_bind($LDAPServer, $Username, $Password);
        if (!$Connect) {
            die("Cannot Connect To LDAP Server");
        }
        return $LDAPServer; // hand the bound connection back to the caller
    }

My overall question is: is this a valid method of security for transmitting the password with a secret salt to my API?

It is my preference not to input passwords as plain text:

ldap_bind('host','user@server','PlainTextPassword');

The above is an example, which, to my preference, is something I cannot accept.

So is this a valid method to securely connect to my LDAP server using the TCP protocol?

Despite the looks of this question, I can confirm that I can successfully connect to my LDAP server provided the right credentials are input, so this is not a problem. I'm merely asking from a security aspect: without the security knowledge, I do not wish to compromise the data or the server in any way, shape or form, hence why this is in the production phase and only accessible to one user, which is myself.


1 answer

  • doudeng3008 2013-04-16 15:29

    This is completely pointless, I'm afraid.

    This does not give you any additional security in terms of establishing the connection to the server, as the password is still transmitted to the server in its decrypted form. The only thing this does is obfuscate the password in your source code - and I say "obfuscate" rather than "encrypt" because all the necessary information to decrypt the password to its source text is also contained within your source code.

    So Is this a valid method to securely connect to my LDAP server using the TCP protocol?

    No. If you want a secure connection, you will need to use LDAP over SSL.

    This answer was selected by the asker as the best answer.
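What the accepted answer recommends, as an added example (this is not code from the original question or answer): the bind password is read from the environment instead of being obfuscated in the source, and the connection is protected with TLS, either LDAPS or StartTLS, with server certificate verification left on and a fail-closed path so the password is never sent over plaintext. The host name, bind DN, CA bundle path and environment variable name are assumptions, and the TLS option constants require PHP 7.1 or later.

```php
<?php
declare(strict_types=1);

// Added example, not the original post's code. Secrets come from the
// environment; transport is TLS from the first byte (ldaps://) or upgraded
// with StartTLS before any bind is attempted.
final class SecureLdap
{
    /**
     * Connect over TLS and bind with the given credentials.
     * Returns the bound LDAP connection; throws on any failure and never
     * falls back to a plaintext bind.
     */
    public static function connect(string $host, string $bindDn, string $password, bool $useStartTls = false)
    {
        // Global TLS options must be set before ldap_connect(). Demand a valid
        // server certificate chained to a trusted CA; a self-signed or
        // mismatched certificate aborts the handshake instead of being ignored.
        ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
        // Assumption: Debian/Ubuntu system CA bundle; adjust for your platform.
        ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, '/etc/ssl/certs/ca-certificates.crt');

        $uri = $useStartTls ? "ldap://{$host}:389" : "ldaps://{$host}:636";
        $ldap = ldap_connect($uri);
        if ($ldap === false) {
            throw new RuntimeException("Malformed LDAP URI: {$uri}");
        }
        ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); // do not chase referrals to other (possibly plaintext) servers

        if ($useStartTls && !ldap_start_tls($ldap)) {
            // Fail closed: if the upgrade to TLS did not happen, the password must not be sent.
            throw new RuntimeException('StartTLS failed: ' . ldap_error($ldap));
        }

        if (!@ldap_bind($ldap, $bindDn, $password)) {
            throw new RuntimeException('LDAP bind failed: ' . ldap_error($ldap));
        }
        return $ldap;
    }
}

// Usage. The secret lives outside the code (environment or secret store), so
// the repository contains nothing that can be decoded back to the password.
// Assumption: LDAP_BIND_PASSWORD is set by the deployment, not in source.
$password = getenv('LDAP_BIND_PASSWORD');
if ($password === false || $password === '') {
    fwrite(STDERR, "LDAP_BIND_PASSWORD is not set\n");
    exit(1);
}

$conn = SecureLdap::connect('ldap.example.com', 'cn=app,ou=services,dc=example,dc=com', $password);
// ... searches go here ...
ldap_unbind($conn);
```

The two properties that matter are in the order of operations: certificate checking is configured before the socket is opened, and the bind (the only step that carries the password) runs only after TLS is known to be up. Keeping the password out of the source also removes the problem the answer describes, since there is no longer a key and ciphertext sitting side by side in the code.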
