Re: Password encryption

Herb

Thanks, I have source code to the database including ODBC server and
JDBC/ODBC clients. However my real goal is to avoid requiring the user to
share their password with any component of our code. Even it it is only
supported on Windows what I am really looking for is an AD client plugin that
can encrypt the password before passing it to us so we can remain ignorant of
the user's private credentials!

I'll explore the SDK route and kerbros tickets

Thanks

"Herb Martin" wrote:


"Paul Carlton" <Paul Carlton@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F5232524-47D6-4228-8EEC-6BCB650D8DDB@xxxxxxxxxxxxxxxx
I am working on a project to integrate Active Directory with a database,
i.e.
support for AD integration so that customers can logon to our database
using
their AD user and password.

The problem I'm trying to overcome is that the user sends their password
as
clear text, i.e. they enter it into the ODBC/JDBC client. This means that
our ODBC/JDBC client and server code has access to this password in clear
text so a rouge developer could potentially capture user's password, which
they could use to access other company systems.

What I'd like is a client plug-in that the user could install that would
encrypt their password so the encrypted password could be passed through
our
database to the AD server. The AD server would then decrypt the password,
verify it and respond to the authentication request.

Does this facility exist?

Sort of except that AD doesn't "decrypt" the password but rather compares
the encrypted version (by the client/software) with another encrypted
version
that is stored on the server -- or uses those encrypted versions for
kerberos
ticket encryption (even when no passwords are transmitted.)

What you really want to do is add "Integrated Authentication" to your
database.

Is your "database" written by you or some (known) database you have
adopted?

Microsoft has or used to have an SDK freely available for doing such
things.

You could also create flag files or other objects which only the "user"
could open and then use those to prove that the AD identity had been
authenticated (but this is actually the kludgy way.)

You might also do better asking this on one of the ADSI or other
programming newsgroups.



.

Relevant Pages

  • Re: Help with first VB application - Data Entry form
    ... I assumed a desktop / winform client application ... time' stamp from the database machine - control machine ... ... problem solved - web server is control system. ...
    (microsoft.public.dotnet.languages.vb)
  • Re: Help with first VB application - Data Entry form
    ... I assumed a desktop / winform client application ... time' stamp from the database machine - control machine ... ... problem solved - web server is control system. ...
    (microsoft.public.dotnet.languages.vb)
  • Re: Remobjects v KBM
    ... >> client query components) follow from that. ... Then, connections can be created to say SQL Server, Oracle, Interbase and ... can then be created from the abstract dataset definition in 'customers' to ... implicitly - this makes your code not be database connection specific). ...
    (borland.public.delphi.thirdpartytools.general)
  • Re: Help with first VB application - Data Entry form
    ... stamp from the database machine - control machine ... ... unnecessary data to the client ... ... and when building a database independent UI / Client - Server application, ... JavaScript, for example) and thus, will get the time from the web server, ...
    (microsoft.public.dotnet.languages.vb)
  • Re: Opinions needed about the best "Middleware suite" kbmMW vs. RODA
    ... kbmMW supports cross db in such way that all you need to do in your application is to set one property to switch to ... What one have to concentrate about is minimizing the amount of data moved from the app server to the client. ... C/S setup's usually have a quite active chatter going on between the client and the database, ...
    (borland.public.delphi.thirdpartytools.general)