[Date Prev][Date Next] [Chronological] [Thread] [Top]

C LDAP API: security considerations

To: ietf-ldapext@netscape.com
Subject: C LDAP API: security considerations
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.Org>
Date: Mon, 08 Nov 1999 20:46:08 -0800
Resent-date: Tue, 09 Nov 1999 06:09:07 -0800 (PST)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"eHmzMC.A.g8E.1rCK4"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

I believe it wise to add a security consideration stating that
implementations should not reuse authentication information,
without application interaction, when chasing referrals.
That is, unless the application authorizes reuse with the
authentication information (or provides new information via
some mechanism) with the server chased, the implementation
should use an anonymous bind.

Even if DIGEST-MD5 was in use, such application interaction
should still be recommended to be consistent with "keeping
long-lived copies of credentials without the application's
knowledge is discouraged."

I also suggest that "long-lived" should be clarified. Something
like "implementations should not maintain copies of authentication
information, including credentials, any longer than necessary."
In particular, authentication information should not live longer
than the API call it was used with.  (Implementations are encouraged
to "forget" such information sooner).

Note also that I prefer "authentication information" over
"authentication credentials" as the authorization ID itself
may be sensitive.

Kurt

Follow-Ups:
- Re: C LDAP API: security considerations
  - From: Ashish Kolli <akolli@us.oracle.com>
- Re: C LDAP API: security considerations
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.Org>

Prev by Date: Boost
Next by Date: This time
Index(es):
- Chronological
- Thread