Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By rout on
Has anyone had any experience using a secure server for the user login page?
I am setting up an LDAP connection to another server for one of my clients, and they are worried that the usernames/passwords could be sniffed.
Comments
Sniffing
At 4:44am I can think of three points where sniffing can occur:
a) Local machine. If it's a Windows machine, it's definitely easy to have some sniffer on the user's machine.
b) Local machine-webserver. Use HTTPS.
c) webserver-LDAP server. I do not know LDAP, but I guess you can secure this connection as well. If nothing else works, SSH tunnel will do.
To sum up, currently the biggest threat is Windows and you can't do anything.
--
Read my developer blog on Drupal4hu.
--
Drupal development: making the world better, one patch at a time. | A bedroom without a teddy is like a face without a smile.