| Author |
|
solkmaaker
Senior Member
Joined: 28 June 2020
Online Status: Offline
Posts: 153
|
| Posted: 03 August 2020 at 3:24pm | IP Logged
|
|
|
Hi
Why does LDAP password change plugin tries to change user password not as logged in user himself, but the user that is described in plugin config?
From security point of view, i would not like to give admin access, who can rw all data, to specific application that is supposed to do only one thing. Shouldn't logic be that bind user finds out logged in users dn, and then binds as logged in user and changes password for himself?
And a small request. Currently only supported password schemes are plain,md5 and crypt.
Could you add more secure password schemes also, SHA256 or SSHA256 or SSHA512?
Sort of like that:
Code:
case 'ssha512':
$possibleChars = "abcdefghjkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUWXYZ23456789";
$rand_salt = '';
$length = 8;
for($i = 0; $i < $length; $i++){
$rand = rand(0, strlen($possibleChars) - 1);
$rand_salt .= substr($possibleChars, $rand, 1);
}
$sPasswordHash = '{SSHA512}'.base64_encode(hash('sha512', $sPassword.$rand_salt, TRUE).$rand_salt);
break;
|
|
|
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6038
|
| Posted: 04 August 2020 at 11:30pm | IP Logged
|
|
|
Hello,
Well the plugin was created years ago, and then ported to v8, so it's hard to say why it was implemented that way - but yes, what you're saying makes perfect sense. Developers will look into this when time permits. Thank you.
--
Regards,
Igor, Afterlogic Support
|
| Back to Top |
|
| |
MailBee.NET Objects 
MailBee.NET Queue 
MailBee Objects 
WebMail Pro PHP 
AfterLogic Aurora 
MailSuite Pro for Linux 
Unified Messaging Solution 
Search
Register
Login
Topic: LDAP password change plugin questions
Privacy policy |
Refund policy