LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-26-2005, 05:30 AM   #1
[GOD]Anck
Member
 
Registered: Dec 2003
Location: The Netherlands
Distribution: Slackware
Posts: 171

Rep: Reputation: 33
phpldapadmin & clear text cookies


After installing openldap I needed a tool to manage it. I did some searching and it seems that phpldapadmin is the most popular one. I've installed that and set auth_type='cookie' in the config file. Now when I connect, my browser stores cookies containing my dn and password, both in clear text. The cookies expire and are removed when the session is ended, but still, I don't feel 100% comfortable. Would it be more secure to use auth_type='session' instead, or would I just be moving the clear text login / password from the client to the server?

Also, would anyone recommend a different tool to administer an openldap directory?
 
Old 01-26-2005, 09:47 AM   #2
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118Reputation: 118
I would use auth_type='session' myself. If a password is being stored in a cookie, then that application has some VERY sersious security issues.
 
Old 01-29-2005, 01:29 PM   #3
uugdave
LQ Newbie
 
Registered: Jan 2005
Posts: 3

Rep: Reputation: 0
As of phpLDAPadmin version 0.9.5, the password and DN are encrypted with blowfish in the cookie. Give it a try: http://www.phpldapadmin.com
 
Old 01-31-2005, 04:08 AM   #4
[GOD]Anck
Member
 
Registered: Dec 2003
Location: The Netherlands
Distribution: Slackware
Posts: 171

Original Poster
Rep: Reputation: 33
SourceForge mirrors don't seem to have that release on it...?
 
Old 01-31-2005, 07:41 AM   #5
uugdave
LQ Newbie
 
Registered: Jan 2005
Posts: 3

Rep: Reputation: 0
They probably will soon. In the mean time, go to the URL I provided (phppldapadmin.com).

--Dave
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
lynx & dillo: how to manage cookies? eeried Linux - Newbie 2 06-17-2005 11:03 AM
If you use secure IMAP, does your password go clear text? cryptosporidium Linux - Security 1 03-25-2004 02:11 AM
Knoppix & Cookies NoviceW Linux - General 1 02-10-2004 02:06 PM
Mozilla Thunderbird && plain text messages. Bogdan Linux - Software 1 02-03-2004 10:25 AM
clear recent list, edit reopened text file obby Linux - General 0 09-17-2003 08:30 AM


All times are GMT -5. The time now is 10:52 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration