Justin

One point where you lost me is this:

 "you -can- (never done it..but you can I'm sure) retrieve the encrypted
password, just like in Unix.  From there you can collect the password from
the user in CF, encrypt it using the same algorithm that NT uses "

If you could encrypt it using the same algorithm that NT uses, couldn't you
decrypt it as well then?

Kola

-----Original Message-----
From: Justin Buist [mailto:[EMAIL PROTECTED]]
Sent: Saturday, November 10, 2001 11:39 PM
To: CF-Server
Subject: RE: Remote NT Authentication


> I don't think this is possible. I don't think that you're programmatically
> allowed to retrieve passwords from the NT user database. You could turn this
> on its head, and have your users change their NT passwords through a CF
> application, which could then write the entries to a database in addition to
> writing the changes to the NT user database. From a security perspective,
> this has its own problems, of course.
>
> Dave Watts, CTO, Fig Leaf Software

You are correct, you cannot retrieve passwords from an NT database but you
-can- (never done it..but you can I'm sure) retrieve the encrypted
password, just like in Unix.  From there you can collect the password from
the user in CF, encrypt it using the same algorithm that NT uses and
compare the stored values.  This is really how all password schemes should
work but in practice a fair amount of developers will store the
unencrypted password and just compare that.  Yes, I am personally guilty
of building such systems.

Justin Buist
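
The compare-the-stored-value scheme discussed in this thread, as an added example that is not code from any of the posters: the stored value comes from a one-way function, so checking a login means re-running that function on the submitted password and comparing results, with no decryption step. PBKDF2-HMAC-SHA256 is used here as a stand-in (an assumption, it is not the algorithm NT uses), and the function names and sample passwords are hypothetical.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this sketch; PBKDF2-HMAC-SHA256 stands in for
# whatever one-way function the real account database uses.
ITERATIONS = 200_000
SALT_LEN = 16


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Derive the value that gets stored; the password itself is never kept."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}


def verify(record: dict, candidate: str) -> bool:
    """Re-run the same one-way function on the candidate and compare digests."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), record["salt"], record["iterations"]
    )
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(digest, record["digest"])


def demo() -> dict:
    # Constructed sample accounts, not real credentials.
    alice = make_record("correct horse battery staple")
    bob = make_record("correct horse battery staple")
    return {
        "right_password": verify(alice, "correct horse battery staple"),
        "wrong_password": verify(alice, "Correct horse battery staple"),
        # Same password, different salts: the stored values differ, so equal
        # passwords cannot be spotted by reading the stored table.
        "same_password_same_digest": alice["digest"] == bob["digest"],
        "digest_len": len(alice["digest"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```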

