hard coded password protection

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Trying to get Windows AD LDAP working to recognize who is accessing the
page... I have successfully grabbed the user credentials and passed
them off to LDAP, but that required me to pass off a hard coded Userid
and password. Since this server is on our corporate network. Is there a
way to either:

1) Grab the userid/password of the client and use them to access the
windows LDAP server withouth having to give out my own? or

2) Protect the "include" so that a user could not "path" to the server
(\server\directory\phpscripts\includes\password.php) and view the php
file, while allowing the WWW browser access to the file.


Re: hard coded password protection

Carl Hilton wrote:
Quoted text here. Click to load it

Getting the user's userid/password would be a HUGE security risk! I can
just imagine what a malicious site could do.  Doesn't matter if it's in
internal corporate network - it could still be abused so easily (i.e.
collecting the userid/password of the Pres, HR, Payroll...).

As to keeping them from viewing the file - don't put it in a directory
accessible to the network.

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Site Timeline