Is anyone bothered by the fact that the credentials one uses to bind to the LDAP directory are stored in clear text in the variables table, with clearly identifiable name values? These then can appear in the database log if logging is turned on.

Is there any thought about encrypting or obfuscating that data?

Comments

scafmac:

Any suggestions?

kreaper:

The problem is that if we store it as a one-way hash, then we need a user-inputted password to check the hash and confirm the correct password -- that's not an option. (Users do not have BINDPW info!)

The second way is to use a two-way algorithm, but that will mean that we'll have to store the salt somewhere -- but what's the point? A dude who gets to the database will have access to the salt and the encrypted hash. (This is assuming that the MySQL engine is compiled with the proper supported libraries.)

food for thought - http://drupal.org/node/44420

hyperlogos:

"the second way is to use a two-way algorithm but that will mean that we'll have to store the salt somewhere -- but what's the point? a dude who gets to the database will have access to the salt and the encrypted hash"

All the data doesn't have to be stored in the database. The salt could be stored in a file. That way, someone who compromises either the mysql instance or Apache (but not both) would still not be able to decode the passwords.

Storing the passwords in cleartext is a Bad Idea(tm). A little obfuscation can sometimes go a long way.
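The split that hyperlogos describes, as an added illustration that is not part of this thread or of the ldapauth module: the bind password is encrypted with a key that lives only in a file outside the web root, and only the resulting blob goes into the variables table (and therefore into any query log or database dump). The key file name, the "v1$" storage format and the demo key below are assumptions for the example. It deliberately uses only the Python standard library (an HMAC-SHA256 keystream plus an HMAC tag, encrypt-then-MAC); a real deployment would swap in a vetted AEAD such as AES-GCM or libsodium secretbox, but the separation property is the same: an attacker who has the database alone sees only the blob, and an attacker who has the web server's files alone sees only the key.

```python
"""Keep the LDAP bind password out of the database in the clear: encrypt it with a
key stored in a file outside the web root, and store only the blob in the variables
table. Illustrative code for the discussion above, not the ldapauth module's own."""
import base64
import hashlib
import hmac
import os

KEY_FILE_NAME = "ldapauth.key"          # assumed name; keep it outside the web root
NONCE_LEN = 16
TAG_LEN = 32

# Constructed fixed key so the demo (and its tests) run offline and deterministically
# enough; a real deployment calls load_or_create_key() instead.
DEMO_MASTER_KEY = bytes(range(32))


def load_or_create_key(key_path):
    """Return the 32-byte master key at key_path, creating it mode 0600 if missing.

    Only the web server's user should be able to read this file; the database
    server never sees it, which is the whole point of the split."""
    try:
        with open(key_path, "rb") as fh:
            key = fh.read()
    except FileNotFoundError:
        key = os.urandom(32)
        fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(key)
    if len(key) != 32:
        raise ValueError("key file is corrupt or the wrong size")
    return key


def _subkeys(master):
    """Derive separate encryption and MAC keys so the two roles never share a key."""
    enc = hmac.new(master, b"ldapauth-enc", hashlib.sha256).digest()
    mac = hmac.new(master, b"ldapauth-mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key, nonce, length):
    """Counter-mode keystream built from HMAC-SHA256 (stdlib-only stand-in for a cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_bindpw(master, password):
    """Return an opaque 'v1$<base64>' string safe to store in the variables table."""
    enc_key, mac_key = _subkeys(master)
    nonce = os.urandom(NONCE_LEN)        # fresh per encryption; never reuse with one key
    pt = password.encode("utf-8")
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, nonce, len(pt))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()   # encrypt-then-MAC
    return "v1$" + base64.b64encode(nonce + ct + tag).decode("ascii")


def decrypt_bindpw(master, stored):
    """Recover the bind password at bind time; raises ValueError on wrong key or tampering."""
    if not stored.startswith("v1$"):
        raise ValueError("unrecognised stored format")
    blob = base64.b64decode(stored[3:])
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("stored value too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(master)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # check before decrypting anything
        raise ValueError("authentication failed: wrong key or tampered value")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return pt.decode("utf-8")


if __name__ == "__main__":
    import tempfile
    # What lands in the database versus what stays on disk.
    with tempfile.TemporaryDirectory() as tmp:
        key = load_or_create_key(os.path.join(tmp, KEY_FILE_NAME))
        variables = {"ldapauth_bindpw": encrypt_bindpw(key, "s3cret-bind-pw")}
        print("stored in variables table:", variables["ldapauth_bindpw"])
        print("recovered for bind:", decrypt_bindpw(key, variables["ldapauth_bindpw"]))
```

The caveat kreaper raised still applies in one direction: an attacker who compromises both the web server (key file) and the database (blob) gets the password. What the split buys is that a leaked query log, a database backup, or a read-only SQL injection no longer exposes the bind credential by itself.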

kreaper:

Maybe an ldapauth.conf.php file?

kreaper:

Status: Active » Postponed (maintainer needs more info)

If a patch is made available for this functionality, I will be willing to look at it and commit it.

kreaper

johnbarclay:

Status: Postponed (maintainer needs more info) » Closed (won't fix)

Closing 4.7 issues to clean out issue queue.