[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: RFC2256: userPassword

To: 'JR Heisey' <jr.heisey@mediagate.com>
Subject: RE: RFC2256: userPassword
From: Paul Leach <paulle@microsoft.com>
Date: Thu, 01 Jul 1999 16:12:24 -0700
Cc: ietf-ldapext@netscape.com
Resent-date: Thu, 01 Jul 1999 16:19:53 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"TbI0O.A.EdB.qd_e3"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com


> -----Original Message-----
> From: JR Heisey [mailto:jr.heisey@mediagate.com]
> Sent: Thursday, July 01, 1999 2:15 PM
> To: Paul Leach
> Cc: ietf-ldapext@netscape.com
> Subject: Re: RFC2256: userPassword
> 
> 
> My problem with this is that it gives the third party
> software access to all of my (assuming I'm the accounting
> system user) access to LDAP user information and possibly
> access to anything else that I have rights to. Which may or
> may not be a problem.

In _all_ the cases you presented, the third party software had your
password, in the clear. In which case, if it isn't trustworthy, it has
access to everything you hold dear. (Everything accessible with that
password, anyway.)

Follow-Ups:
- Re: RFC2256: userPassword
  - From: dboreham@netscape.com (David Boreham)
- RE: RFC2256: userPassword
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Oh, You Didn't Know
Next by Date: Re: RFC2256: userPassword
Index(es):
- Chronological
- Thread