[Date Prev][Date Next]
Re: allow anonymous_update (ITS#2155)
A patch based upon your submission has been committed to HEAD.
At 08:22 AM 2002-10-25, firstname.lastname@example.org wrote:
>Full_Name: Marian Eichholz
>Submission from: (NULL) (220.127.116.11)
>Up to 2.1.3 it was possible to modify entries without authentication
>With 2.1.5 it is mandatory to authenticate for backend data modification.
>There is no warning, that the default behaviour has changed so drastically and -
>worse - no way to configure anonymous updates (without patching the backend
>Brobably this is lethally bad for some production environments.
>With the patch at the URL, You have a new "allow" keyword "anonymous_update" to
>allow the old behaviour, if You need it (as we do).
>IMHO, hard coded credentials in tools are not necessaryly better than anonymous
>binds and updates.
>It approach in the patch is minimalistic. The backend directy checks the
>"global_allows" variable. Probably You want it more fine tuned (or a nicer
>The default behaviour does not change (relative to 2.1.8).