[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: does back-sql bypass ACL ?

Frederic Saincy writes:

# this DOES NOT WORK # (even anonymous can add/delete entries, modify attributes... )
access to *
by dn="cn=root,=sql,c=RU" write
by * read

At a first glance, yes: there's no ACL check for write operations.
I guess back-sql is intended to allow --wiewing-- of sql data more
than modifying it. I think you should disallow modifications by
means of SQL permissions on the tables back-sql is using.


Dr. Pierangelo Masarati | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale | fax: +39 02 2399 8334
Politecnico di Milano | mailto:pierangelo.masarati@polimi.it
via La Masa 34, 20156 Milano, Italy | http://www.aero.polimi.it/~masarati