CHAP Authentication

I have to build a simple login page using CHAP to authenticate users
in a DB. Can anyone explain how its done in simple steps? example of
code would be great.

thx

Re: CHAP Authentication

"Abu Hamza" wrote in message
news:fb263072-44ab-4f43-9832-bb5db055aee0@w28g2000hsf.google groups.com...
>I have to build a simple login page using CHAP to authenticate users
> in a DB. Can anyone explain how its done in simple steps? example of
> code would be great.

why chap?!

Re: CHAP Authentication

On Nov 20, 9:12 pm, "Steve" wrote:
> "Abu Hamza" wrote in message
>
> news:fb263072-44ab-4f43-9832-bb5db055aee0@w28g2000hsf.google groups.com...
>
> >I have to build a simple login page using CHAP to authenticate users
> > in a DB. Can anyone explain how its done in simple steps? example of
> > code would be great.
>
> why chap?!

The company I work for wants this. I don't know why but whats wrong
with it?

Re: CHAP Authentication

Abu Hamza wrote:
> On Nov 20, 9:12 pm, "Steve" wrote:
>> "Abu Hamza" wrote in message
>>
>> news:fb263072-44ab-4f43-9832-bb5db055aee0@w28g2000hsf.google groups.com...
>>
>>> I have to build a simple login page using CHAP to authenticate users
>>> in a DB. Can anyone explain how its done in simple steps? example of
>>> code would be great.
>> why chap?!
>
> The company I work for wants this. I don't know why but whats wrong
> with it?

its pretty damned weird - its normally used in PPP streams only.

I don't think you really want to do this..i'd get clarification.

Re: CHAP Authentication

On 20 Nov, 16:52, The Natural Philosopher wrote:
> Abu Hamza wrote:
> > On Nov 20, 9:12 pm, "Steve" wrote:
> >> "Abu Hamza" wrote in message
>
> >>news:fb263072-44ab-4f43-9832-bb5db055aee0@w28g2000hsf.goog legroups.com...
>
> >>> I have to build a simple login page using CHAP to authenticate users
> >>> in a DB. Can anyone explain how its done in simple steps? example of
> >>> code would be great.
> >> why chap?!
>
> > The company I work for wants this. I don't know why but whats wrong
> > with it?
>
> its pretty damned weird - its normally used in PPP streams only.
>
> I don't think you really want to do this..i'd get clarification.

Maybe he just means a challenge based hash system to avoid sending
passwords in clear text. Or maybe he means CHAP as implemented in PPP,
or maybe he means CHAP as implemented by Microsoft for PPP.

In the case of the former, see
http://groups.google.co.uk/group/comp.lang.php/browse_thread /thread/c5960aa0afac2621/4993d290eb78f811?hl=en&lnk=gst&q=MD 5+salt

C.

Re: CHAP Authentication

"C. (http://symcbean.blogspot.com/)" wrote in
message
news:f41b190d-7b7b-482c-9bee-675b9c14ee99@f3g2000hsg.googleg roups.com...
> On 20 Nov, 16:52, The Natural Philosopher wrote:
>> Abu Hamza wrote:
>> > On Nov 20, 9:12 pm, "Steve" wrote:
>> >> "Abu Hamza" wrote in message
>>
>> >>news:fb263072-44ab-4f43-9832-bb5db055aee0@w28g2000hsf.goog legroups.com...
>>
>> >>> I have to build a simple login page using CHAP to authenticate users
>> >>> in a DB. Can anyone explain how its done in simple steps? example of
>> >>> code would be great.
>> >> why chap?!
>>
>> > The company I work for wants this. I don't know why but whats wrong
>> > with it?
>>
>> its pretty damned weird - its normally used in PPP streams only.
>>
>> I don't think you really want to do this..i'd get clarification.
>
> Maybe he just means a challenge based hash system to avoid sending
> passwords in clear text. Or maybe he means CHAP as implemented in PPP,
> or maybe he means CHAP as implemented by Microsoft for PPP.

and maybe the price of tea in china really is quite useless
information...and maybe...

wtfc!

Re: CHAP Authentication

"C. (http://symcbean.blogspot.com/)" wrote in
message news:f41b190d-7b7b-482c-9bee-
> On 20 Nov, 16:52, The Natural Philosopher wrote:

> Maybe he just means a challenge based hash system to avoid sending
> passwords in clear text. Or maybe he means CHAP as implemented in PPP,
> or maybe he means CHAP as implemented by Microsoft for PPP.
>
> In the case of the former, see
> http://groups.google.co.uk/group/comp.lang.php/browse_thread /thread/c5960aa0afac2621/4993d290eb78f811?hl=en&lnk=gst&q=MD 5+salt

In my experience, when a non-techie customer says something like that, it's
because someone somewhere told them CHAP was important, and it just got
stuck in their craw.
It's usually not wise to try to "correct" them.
The best way to deal with something like that is to ensure that you do
perform some kind of Challenge/Authentication; call it a "protocol"; and
explain that you're already on the right track with their state goal.

It accomlishes several things.
1. It reassures them that they have not been duped by previous contractors.
2. It reassures them that you are not trying to dupe them.
3. It meets the spec, rather than trying to change the spec.

That last one is VERY important.

Re: CHAP Authentication

Sanders Kaufman wrote:
> "C. (http://symcbean.blogspot.com/)" wrote in
> message news:f41b190d-7b7b-482c-9bee-
>> On 20 Nov, 16:52, The Natural Philosopher wrote:
>
>> Maybe he just means a challenge based hash system to avoid sending
>> passwords in clear text. Or maybe he means CHAP as implemented in PPP,
>> or maybe he means CHAP as implemented by Microsoft for PPP.
>>
>> In the case of the former, see
>> http://groups.google.co.uk/group/comp.lang.php/browse_thread /thread/c5960aa0afac2621/4993d290eb78f811?hl=en&lnk=gst&q=MD 5+salt
>
> In my experience, when a non-techie customer says something like that, it's
> because someone somewhere told them CHAP was important, and it just got
> stuck in their craw.
> It's usually not wise to try to "correct" them.
> The best way to deal with something like that is to ensure that you do
> perform some kind of Challenge/Authentication; call it a "protocol"; and
> explain that you're already on the right track with their state goal.
>
> It accomlishes several things.
> 1. It reassures them that they have not been duped by previous contractors.
> 2. It reassures them that you are not trying to dupe them.
> 3. It meets the spec, rather than trying to change the spec.
>
> That last one is VERY important.
>
>
>
"Its better than CHAP"

Re: CHAP Authentication

"The Natural Philosopher" wrote in message
news:1195684683.31094.4@proxy00.news.clara.net...
> Sanders Kaufman wrote:

>> The best way to deal with something like that is to ensure that you do
>> perform some kind of Challenge/Authentication; call it a "protocol"; and
>> explain that you're already on the right track with their state goal.
>>
>> It accomlishes several things.
>> 1. It reassures them that they have not been duped by previous
>> contractors.
>> 2. It reassures them that you are not trying to dupe them.
>> 3. It meets the spec, rather than trying to change the spec.
>>
>> That last one is VERY important.
>>
> "Its better than CHAP"

Yeah, boi - that's what I'm talin' bout!
Ya say, "I gotcher back on this one. I've implemented a *proprietary* CHAP
protocol - one not used by others, and thus faaaar more secure."
Then ya tack on an extra C-Note to the invoice for "enhanced, custom
security".

Re: CHAP Authentication - Dolphin-v.5.6.0005.crc