[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: A question on syncrepl

To: "Xingyuan Zhang" <xyzhang@public1.ptt.js.cn>, <openldap-devel@OpenLDAP.org>
Subject: Re: A question on syncrepl
From: "Jong" <jongchoi@OpenLDAP.org>
Date: Wed, 21 Jan 2004 12:20:40 -0500
References: <000f01c3dff6$02401990$1d00a8c0@XingyuanPC>


> Dear OpenLDAP developers,
>
> As far as I can understand, there is no check on the length of bi_psearch_list. If a
> malicious use keeps establishing persistant searches, could the master server be
overflown?

Yes, this is in fact one of the high priority TODO items.

In addition to the size issue, an access control mechanism for the persistent
search should be implemented. Whereas the access control for the content
determination for a psearch is achieved by the current access control mechanism,
the creation of the persistent searches should be restricted only to the allowed users.

The maximum size of the psearches can be specified per database definition.
For the access control specification, I'm wondering whether I can add a new
<access> directive (sth like "psearch") to the current set...

> Thanks!
>
> Xingyuan
>
>

References:
- A question on syncrepl
  - From: "Xingyuan Zhang" <xyzhang@public1.ptt.js.cn>

Prev by Date: Re: equality indexing
Next by Date: Re: equality indexing
Index(es):
- Chronological
- Thread