Re: Clarification of RootDSE information retrieval required
David Chadwick wrote:
weakness. Therefore there may be some operational attributes that should not be returned unless specifically named and the caller's access rights give him permission to read them.
I'm curious as to the specific security hazard here.
Access control is applied to the RootDSE. Access control information is stored in attributes with well-known names.
So why is there a security issue with always returning the access control information to someone who has access to it?
Are they concerned about the traffic being snooped?