On Sun, 18 Nov 2001 11:58:20 -0600, Troy Moreland wrote: >Can anyone give me details on how to make my PHP-LDAP application >secure? I have two unsecure issues: > >1) I can't figure out how to get SSL to work.
What do you mean, getting SSL to work? Its just working if you have a valid SSL certificate, and you communicate over port 443. All your URLs need to start with https to indicate that its a secure channel, eg. https://www.whatever.com. >2) I'm using sessions to store ID and password but the passwords >are in clear text on the server. I'm running PHP on the W2K >platform and no one has been able to help me with encrypting on this >platform. Well, this is really not a platform problem, but it depends on what you are storing the passwords in. Is it stored in a textfile, or a database? MySQL have a very nice password feature which will encrypt your users password, use the password field type to get them encrypted. But I need some more info regarding your solution here to help you out properly I guess... Cheers, Egil -=// Egil Helland / IKON AS - MCSE, Internet, Intranet mailto:[EMAIL PROTECTED] http://egil.net //=- -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
