LDAP Secure Connection

[Signit]

I am trying to implement a secure LDAP query on a ColdFusion web page. I need to authenticate to the server passing a username and password (not necessarily the users in fact I'd prefer to use a static username/password). However, the password attribute of the cfldap tag stores the password in clear text in the .cfm file. This does not meet security standards for my organization. Is there another method of doing this? Essentially, I am looking for a solution similar to that of connecting to a database server. Under this method our password settings are stored in a configuration setting/file that I can't see.

 

[ecobb]

If you're using it for a login form, you can just specify the username and password used in the form.

username="domain\#Form.Username#"
password="#Form.Password#"

But if you're wanting to hard code a username and password and always use it, you should probably do it another template. Just create a file, have something like:

<cfset LDAP_User = "Bob">
<cfset LDAP_Pass = "123">

Then, encrypt the file so no one can view it, and use cfinclude to bring it in right before your CFLDAP tag.



Hope This Helps!

ECAR
ECAR Technologies, LLC

http://www.ecartech.com

"My work is a game, a very serious game." - M.C. Escher

 

[Signit]

I am not a ColdFusion administrator so I am a little hazy on how we are grabbing a users login information. (I will check with our CFAdmins tomorrow though I am pretty sure we are using a form of SPNEGO to pass credentials around).

As far as the idea of storing and encrypting the file in what manner can a ColdFusion file be encrypted?