Re: Password encryption




"Paul Carlton" <Paul Carlton@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F5232524-47D6-4228-8EEC-6BCB650D8DDB@xxxxxxxxxxxxxxxx
I am working on a project to integrate Active Directory with a database, i.e. support for AD integration so that customers can log on to our database using their AD user and password.

The problem I'm trying to overcome is that the user sends their password as clear text, i.e. they enter it into the ODBC/JDBC client. This means that our ODBC/JDBC client and server code has access to this password in clear text so a rogue developer could potentially capture a user's password, which they could use to access other company systems.

What I'd like is a client plug-in that the user could install that would encrypt their password so the encrypted password could be passed through our database to the AD server. The AD server would then decrypt the password, verify it and respond to the authentication request.

Does this facility exist?

Sort of, except that AD doesn't "decrypt" the password but rather compares the encrypted version (by the client/software) with another encrypted version that is stored on the server -- or uses those encrypted versions for Kerberos ticket encryption (even when no passwords are transmitted.)

What you really want to do is add "Integrated Authentication" to your database.

Is your "database" written by you or some (known) database you have adopted?

Microsoft has or used to have an SDK freely available for doing such things.

You could also create flag files or other objects which only the "user"
could open and then use those to prove that the AD identity had been
authenticated (but this is actually the kludgy way.)

You might also do better asking this on one of the ADSI or other
programming newsgroups.
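
The following is an added example, not part of the original post or of any Microsoft SDK: a simplified challenge-response exchange showing how a middle tier (the database) can relay an authentication to a directory without ever holding the clear-text password. The class and function names, the PBKDF2/HMAC-SHA256 construction and the sample password are assumptions made for illustration; this is not the NTLM or Kerberos wire protocol.

```python
import hashlib, hmac, secrets

def derive_key(password: str, salt: bytes) -> bytes:
    """One-way key derived from the password; the directory stores this, not the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Directory:
    """Stand-in for the domain controller (hypothetical class)."""
    def __init__(self):
        self._users = {}        # user -> (salt, derived key)
        self._challenges = {}   # user -> outstanding single-use challenge

    def enroll(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, derive_key(password, salt))

    def begin(self, user: str):
        salt, _ = self._users[user]
        challenge = secrets.token_bytes(16)
        self._challenges[user] = challenge
        return salt, challenge

    def verify(self, user: str, response: bytes) -> bool:
        challenge = self._challenges.pop(user, None)   # consumed on first use
        if challenge is None or user not in self._users:
            return False
        _, key = self._users[user]
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare

def client_respond(password: str, salt: bytes, challenge: bytes) -> bytes:
    """Runs in the client plug-in; only the keyed response leaves the client."""
    return hmac.new(derive_key(password, salt), challenge, hashlib.sha256).digest()

class DatabaseServer:
    """Middle tier: relays the exchange and records every value it could log."""
    def __init__(self, directory: Directory):
        self.directory, self.seen = directory, []

    def login(self, user: str, answer_fn) -> bool:
        salt, challenge = self.directory.begin(user)
        response = answer_fn(salt, challenge)          # round trip to the client
        self.seen += [salt, challenge, response]
        return self.directory.verify(user, response)

if __name__ == "__main__":
    ad = Directory(); ad.enroll("alice", "constructed-Passw0rd!")  # constructed sample
    db = DatabaseServer(ad)
    print(db.login("alice", lambda s, c: client_respond("constructed-Passw0rd!", s, c)))
```

The stored derived key is still password-equivalent inside this toy scheme, and a captured response is useless only because each challenge is consumed on first use. A production integration would rely on the platform's integrated authentication (Kerberos) rather than a hand-built exchange like this one.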

