Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- hard coded password protection
- Carl Hilton
April 13, 2005, 9:57 am
rate this thread
Trying to get Windows AD LDAP working to recognize who is accessing the
page... I have successfully grabbed the user credentials and passed
them off to LDAP, but that required me to pass off a hard coded Userid
and password. Since this server is on our corporate network. Is there a
way to either:
1) Grab the userid/password of the client and use them to access the
windows LDAP server withouth having to give out my own? or
2) Protect the "include" so that a user could not "path" to the server
(\server\directory\phpscripts\includes\password.php) and view the php
file, while allowing the WWW browser access to the file.
Re: hard coded password protection
Carl Hilton wrote:
Getting the user's userid/password would be a HUGE security risk! I can
just imagine what a malicious site could do. Doesn't matter if it's in
internal corporate network - it could still be abused so easily (i.e.
collecting the userid/password of the Pres, HR, Payroll...).
As to keeping them from viewing the file - don't put it in a directory
accessible to the network.
Remove the "x" from my email address
JDS Computer Training Corp.