RE: compare advance security password

Aaron Johnson Tue, 07 Aug 2001 19:49:07 -0700
That's the point, you can't get the users old password from LDAP.. It's not
a Spectra thing so much as it's a Directory Services type question.   You
could start storing the passwords in a separate database, but that would be
a ton more work and the admins would probably hate you.

If you're doing what I think you're doing (ie: change you password?  type
your old password and your new password here), then you *could* do this..
show a form for the user to type in their old and new.. and then on
submission try to log them in using the old password... if it works, then
the old password is a match and you can then change the old password to the
new password... if it doesn't work, then you have a non match...

HTH

Aaron Johnson, MCSE, MCP+I
Macromedia Certified ColdFusion Developer
MINDSEYE, Inc.
<phn>617.350.0339
<mbl>617.461.3721
<fax>617.350.8884
<icq>66172567
[EMAIL PROTECTED]

> -----Original Message-----
> From: Mak Wing Lok [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 07, 2001 11:07 PM
> To: [EMAIL PROTECTED]
> Subject: Re: compare advance security password
>
>
> i understand that, but what if i want to the verify the user old password
> before i change it to the new password? how can i do the verification?
>
>
> ----- Original Message -----
> From: "Aaron Johnson" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Wednesday, August 08, 2001 11:05 AM
> Subject: RE: compare advance security password
>
>
> > Hi Mak,
> >
> > > help please, just wondering how i could compare the old password that
> user
> > > type in with the password in the LDAP server before i let the
> application
> > > change the password for the user, as i found out that the password i
> > > retrieve using cfa_userGet is encrypted.
> > -- All the directory services I'm aware of will *not* let you read the
> > actual password once the user puts it into the system for
> obvious security
> > reasons (ie: I change my password to access the financial data for the
> > company, you being an enterprising developer go and grab my username and
> > password from LDAP and then read financial data... bad news).
> >
> > HTH
> >
> > Aaron Johnson, MCSE, MCP+I
> > Macromedia Certified ColdFusion Developer
> > MINDSEYE, Inc.
> > <phn>617.350.0339
> > <mbl>617.461.3721
> > <fax>617.350.8884
> > <icq>66172567
> > [EMAIL PROTECTED]
>
>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/spectra_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: compare advance security password

Reply via email to
