[Date Prev][Date Next]
Re: LDAP Root for dc style naming
On Fri, 14 Jan 2000, Kurt D. Zeilenga wrote:
> At 10:12 AM 1/15/00 +1100, David J N Begley wrote:
> >No it didn't, but the end result was the same.
> No. These issues are complete differnet. Protection of a local
> service, be it squid or slapd and use of published information.
Precisely, the end result was the same - people were using "published
information" to access those proxies.
> If you bring up a local service, you need to take appropriate steps
> to protect it.
> I think this caution is belongs more in the admin guides of various
> LDAP servers...
An addition for the OpenLDAP documentation... ;-)
> >As with the Squid problem, it can be done anyway but "the problem"
> >wasn't a problem as such until something made it easier for more people
> >to exploit it.
> I disagree. The problem was always there, just not often exploited.
I didn't say the loophole wasn't exploited, just that the matter wasn't as
much of a wide-scale problem until something (in this case, a bug) made it
easier for more people to exploit.
It'll be interesting to see how this plays out from a deployment perspective,
particularly if it provides sufficient incentive for widespread adoption of a
standard "Internet whitepages" schema.