Re: (ITS#3472) return code should be 32 when no access to object
Pierangelo Masarati writes:
>To: "Hallvard B Furuseth" <email@example.com>
>> Maybe a slapd.conf statement
>> access default <disclose/none/read/...>
>> Without this statement, the default would be 'disclose' for the time
>> being, to be changed to 'none' later. However, insert 'access default
>> none' in the distributed slapd.conf, and maybe make slapd warn if a
>> database has neither 'access to * by * ...' nor 'access default ...'.
> I think your suggestions make a lot of sense;

I don't, anymore :-( Though I still think such a statement would be
useful. Or is the above just a shorthand for having 'access to * by *
disclose break' at the top?

Anyway, I forgot about statements that name the 'none' access level
explicitly. The above plan would give two transitions instead of one:
One when people started to use 'access default none' or whatever, and
another when the 'none' level is changed to actually mean 'none'.

It would work to instead have a statement which specifies whether 'none'
actually means 'none' or 'disclose'. But that seems confusing, and I
can't see any benefit except in the transition phase.

OTOH, a similar database-specific statement which means the server _may_
treat 'none' as 'disclose' would be useful, since I believe it would
allow various optimizations - at least in some backends.