[Date Prev][Date Next] [Chronological] [Thread] [Top]

protocol: data hiding

To: ietf-ldapbis@OpenLDAP.org
Subject: protocol: data hiding
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Mon, 9 Feb 2004 22:14:31 +0100

A Security Consideration like this might be a good idea:

   The matchedDN and diagnosticMessage fields and some result
   codes (such as insufficientAccessRights, attributeOrValueExists
   and entryAlreadyExists) may reveal the presence of specific
   data in the directory.  If access controls prohibit this, the
   server must take care to instead act as if the data are not
   present, or when that is not possible, to return a less
   informative result code.

-- 
Hallvard

Prev by Date: DN draft and X.500
Next by Date: Re: protocol: data hiding
Index(es):
- Chronological
- Thread