Charles and I have been emailing back and forth about the security of LDAP, and my incorporation of LDAP authentication into WordPress makes this issue even more important.
My question is this:
Could a hacker sniffing UA network packets intercept the traffic between, say, the TCF Web server and the LDAP server? And could he/she thereby discover userIDs and passwords?
What I worry about is that in LDAP authentication it appears to me that the userID and password are traveling across the network in plaintext — not hashed or encrypted. Is that right?
Perhaps I just don’t understand how the authentication works!
Thanks for any enlightenment.