
Store password in session

Help
Nalcon
2015-08-04
2015-10-02
  • Nalcon

    Nalcon - 2015-08-04

    Hi people!

    I have to store the password in the session to change attributes on another page, right?
    Ex: I logged in on the page "authenticate.php" and was redirected to "menu.php".
    I would like to change the telephone and website on the page "menu.php", so I have to use the password again:
    "$adldap->authenticate($username, $password)"
    "$adldap->user()->modify($username, array("telephone"=>'00000000',"web_page"=>'http://mydomain.com'));"
    What is the recommended best practice for security?
    Is it correct to store the password in the session?

    Thanks.

     
  • Jesse Gibson

    Jesse Gibson - 2015-09-11

    Also have the same sort of question.

    I'd like to query the AD after the login page.

    From my understanding you need a username and password to do the query, so how does one go about that once someone has logged in?

    Is the solution really to store the password in a session variable?

    I suppose another option could be to hard code a generic username and password right into the php code... thoughts?

     

    Last edit: Jesse Gibson 2015-09-11
  • kpable

    kpable - 2015-10-02

    Hi Nalcon/Jesse,

    This is somewhat related to the question I asked as well
    Authenticate users with admin credentials?

    My current system allows users to query the AD directly, so I have been storing their credentials in session variables. I also need users to access a database that is authenticated by AD, so the session variables are used there as well.

    The new system they are implementing won't allow the user credentials to query AD directly, so I believe I will need to hard code the credentials that do have access for all AD queries.
    Unfortunately I cannot work out any way to then authenticate the users, so unless some kind expert has an answer for my above linked question, I don't know what I can do other than forget about using AD... which would be very disappointing :(

    With regards to security, other than to say as long as you are using https for your site, and ssl or tls for your AD queries, I think it should be ok. But I'm no expert on security, that is just based on my experience with past projects.

    Cheers,
    Sean.

    (minor edit trying to work out how links work on this forum)

     

    Last edit: kpable 2015-10-02
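
Added example, not part of any post in this thread and not adLDAP project code: one way to avoid keeping the user's password in the session, using adLDAP 4.x's admin_username/admin_password options so that authenticate() only verifies the user and later calls run as a delegated service account. The environment variable names, the require path and the helper function names are assumptions.

```php
<?php
// Added example. Assumes adLDAP 4.x and that the AD_* values below are set in
// the web server's environment (hypothetical names), not hard-coded in source.
require_once __DIR__ . '/adLDAP/src/adLDAP.php';   // assumed install path

session_start();

// Connection bound as a service account that is delegated only the rights
// the application needs (here: writing two contact attributes).
function directory(): adLDAP
{
    return new adLDAP(array(
        'domain_controllers' => array(getenv('AD_DC')),
        'base_dn'            => getenv('AD_BASE_DN'),
        'account_suffix'     => getenv('AD_SUFFIX'),
        'admin_username'     => getenv('AD_SVC_USER'),
        'admin_password'     => getenv('AD_SVC_PASS'),
        'use_tls'            => true,              // encrypt the LDAP traffic
    ));
}

// authenticate.php: verify the password once, keep only the identity.
function login(adLDAP $ad, string $username, string $password): bool
{
    // A simple bind with an empty password can succeed as an anonymous bind.
    if ($password === '' || !$ad->authenticate($username, $password)) {
        return false;
    }
    session_regenerate_id(true);                   // new session id after login
    $_SESSION['username'] = $username;             // the password is never stored
    return true;
}

// menu.php: the service account can write to any user, so the target account
// comes from the session only, and the attribute names are allow-listed.
function updateContact(adLDAP $ad, array $input)
{
    if (empty($_SESSION['username'])) {
        throw new RuntimeException('Not logged in');
    }
    $editable = array_flip(array('telephone', 'web_page'));
    $changes  = array_intersect_key($input, $editable);
    return $ad->user()->modify($_SESSION['username'], $changes);
}
```

Because every write now runs with the service account's rights, the checks in updateContact() are the access control: a username or attribute name taken from the request instead would let one user edit another's entry.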
