How secure is AuthenticationTypes.Secure?
I understand that AuthenticationTypes.Secure requests secure authentication using Kerberos or NTLM (??). However, here is a scenario I am trying to understand. Let us say that I am having a regular ASP.NET site - with SSL certificates not installed on the web server. The login sends the request out to an AD server which also does not have certificates installed. However, I have set Secure flag to AuthenticationTypes.Secure. When the username and password data gets transmitted between the application and the LDAP server, how secure are the password and username info? In other words is this in...

Understanding the Security Implication of Active Directory Default Settings Part II of An Audit of Active Directory Security
"Nothing is more damaging to a new truth than an old error"...

An Audit of Active Directory Security, Part Three: Understanding LDAP, SASL, and Kerberos in the Context of AD security.
"Nothing is more damaging to a new truth than an old error"...

security too secure
Summary: security too secure
The security thing won't let me in this site no matter how I accept,
confirm, get certificate, etc.
Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4
From URL: http://hendrix.mozilla.org/
Note to readers: Hendrix gives no expectation of a response to this feedback
but if you wish to provide one you must BCC (not CC) the sender for them to...

when is secure, secure?
I wrote a custom authentication handler for PureFTPD, using a combination of
authentication methods, for about 4 different types of users.
So far, from testing it, it does look to work properly, and does its job
pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and
use warnings, and the code returns no errors or warnings when run.
I am right to presume that this basically only really tells me that my syntax
and structure of the application is right? What's a good way to see whether
it is actually SECURE... There is a couple of lines of...

How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I
have learned how to protect my PC from the inside out. But what about
security risks to my info 'before' it gets to my computer? Like my mail
box on the server. Could someone hack into that and thumb through my
If so, how would I ever know?
(The short story)
We have a rogue employee at my work who one day decided to run the web
site, she got in tight with the ISP, got tools to set and delete
passwords on a protected directory on the server. Who knows if she has
telnet access to other things, li...

LDAP AuthenticationTypes.Secure
So when I use
DirectoryEntry MyDirectoryObject = new DirectoryEntry(ConfigurationSettings.AppSettings["strLDAP_Path"].ToString(), ConfigurationSettings.AppSettings["LDAP_Username"].ToString(), ConfigurationSettings.AppSettings["LDAP_Password"].ToString(), AuthenticationTypes.ServerBind);
I can work with LDAP no problem, create new users etc..
But when I use
DirectoryEntry MyDirectoryObject = new DirectoryEntry(ConfigurationSettings.AppSettings["strLDAP_Path"].ToString(), ConfigurationSettings.AppSettings["LDAP_Username"]...

4 issues with Net::LDAP and Active Directory
I have 4 issues which I do not understand and I have searched the
Net::LDAP documentation up and down and cannot figure it out.
1. pwdLastSet is only available for the DN of the user who is logged
in. (That seems a little odd, why is that?) and yes I logged in as
another user using LDAP and it was available for them and not me.
2. pwdLastSet is some Active Directory timestamp (Why oh why can't
Microsoft just use UTC like ev...

java.security.Security issue
EAServer 4.2 build 42012 on NT (jdk13). This code works as a
Java clientapp but not when the code is inside an EJB
in EAServer? Can we register Security provider dynamically?
// system var.
System.setProperty("javax.net.debug", ...

Security with Active Directory
I am currently authenticating with Windows and that is going fine but I was wondering how I can set up the system to then determine what pages a person can see once they are into the system based on what they have in active directory.
Example: John Doe should have access to the home page and his site specific page instead of all pages.
Any suggestions would be great or any place that I read up on this subject would also be helpful.
What you are talking about is authorization, rather than authentication. You need some kind of store that will record what authorization John...

Active Directory Security
Hi every one,
I am using ActiveDirectoryMembershipProvider as shown below..
<remove name="AspNetActiveDirectoryMembershipProvider" />
attributeMapFailedPasswordAnswerCount="FailedP...

LDAP security issues
I have setup my Bugzilla 3.6.1 install for Active Directory authentication
Followed the docs and created a "Bugzilla" group in AD to allow access only
to users within this group.
Since then, all users can login without problems, but they *all have admin
I have no idea how this is happening, editing a user shows all groups
disabled, including admin!
I am so sorry to insist on this... but can someone help or test?
All my users have admin privs and I am having more than a few problems
because of that.
Thank you so much.
...

(IN)SECURE Magazine from Net-Security (PDF download)
A little more light reading :-)
Latest issue, #13:
(86 pages, with ads [not animated ads] - like a printed magazine)
Archives of past issues:
ISSUE 13 (September 2007)
* Interview with Janne Uusilehto, Head of Nokia Product Security
* Social engineering social networking services: a LinkedIn example
* The case for automated log management in meeting HIPAA compliance
* Risk decision making: whose call is it?
* Interview with Zulfikar Ramzan, Senior Principal Re...

Secure LDAP (ldaps)
I have implemented ldap authentication in our application
using the sample given in "LDAP using EAServer and
Powerbuilder" document. It is successfully implemented. But
the network people have asked me to connect on secure port
(ldaps) now. My problem is I don't know what kind of
setting i should do now on EAServer box and what i should do
on the clients. I assume there is nothing to be done on the
client because the call to ldap check is initiated from the
EAServer Server to LDAP server using EJB (calling JNDI API).
We are running EAServer on JDK 1.3. Can someone g...