Daniel Few

Reputation: 77

Active Directory Credentials Over LAN

If you're connecting to Active Directory on an internal website using PHP, what security considerations need to be made? Will the site need SSL?

Upvotes: 0

Views: 38

Answers (1)

Jon Story

Reputation: 3031

Although a LAN is more secure than the internet, that doesn't make it fully secure. Similarly, although AD logins are trickier to spoof than plaintext username/passwords, they aren't impossible to spoof.

You'd hope you can trust your staff, but it's good practice to use SSL on any website that includes any form of sensitive data, including but not limited to anything related to user logon - the performance hit is negligible and it negates almost all risk of anyone (internal or external) snooping on the data.

You're probably safe to skip SSL if the page is just the canteen menu for the day (although if someone performs a man-in-the-middle attack and tells me it's Lamb Hotpot when it isn't, heads will roll), but if it's not obviously non-sensitive information, there's little reason not to use SSL.

Upvotes: 1
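An added example, not part of the question or the answer above: a PHP login handler for the setup in the question that accepts AD credentials only over HTTPS and checks them by binding to a domain controller over LDAPS with certificate validation. The DC hostname and UPN suffix are placeholders, and the HTTPS check assumes TLS terminates on the PHP server itself rather than on a reverse proxy.

```php
<?php
// Added example. Hostname and UPN suffix are placeholders (assumptions).
const AD_URI        = 'ldaps://dc01.corp.example:636';
const AD_UPN_SUFFIX = '@corp.example';

// True only when the request reached PHP over TLS.
function request_is_https(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower((string) $server['HTTPS']) !== 'off';
}

// Verify a username/password pair with a simple bind over LDAPS.
function ad_authenticate(string $user, string $password): bool
{
    // A simple bind with an empty password is treated as unauthenticated and
    // can succeed, so reject it (and odd usernames) before contacting the DC.
    if ($password === '' || !preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user)) {
        return false;
    }
    // Require a valid DC certificate; must be set before connecting.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    $conn = ldap_connect(AD_URI);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    $ok = @ldap_bind($conn, $user . AD_UPN_SUFFIX, $password);
    ldap_unbind($conn);
    return $ok;
}

if (!request_is_https($_SERVER)) {
    http_response_code(400);
    exit('Login is only available over HTTPS.');
}
header('Strict-Transport-Security: max-age=31536000');
session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Strict']);
session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $user = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    if (ad_authenticate($user, $pass)) {
        session_regenerate_id(true);   // new session ID after login
        $_SESSION['user'] = $user;
        echo 'Signed in.';
    } else {
        http_response_code(401);
        echo 'Invalid credentials.';
    }
}
```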
