[Date Prev][Date Next]
Re: (ITS#3510) ACL evaluation short-circuit would be nice
At 10:33 PM 1/23/2005, firstname.lastname@example.org wrote:
>Full_Name: Luke Howard
>Submission from: (NULL) (22.214.171.124)
>Perhaps ACL evaluation could be short-circuited for "access to *".
>Given a simple ACL configuration of:
>access to *
> by users read
> by * none
>on a heavily loaded machine, a search for "(objectClass=*)" takes a few seconds
>to return as each entry is checked against the ACL rule.
>It would be nice if an anonymous client could not consume server resources so
In HEAD, with -DSLAP_ACL_HONOR_DISCLOSE, the client is
required to have "search" on baseObject entry...