[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: schema definition precedence

Frank Swasey wrote:
Today at 1:22pm, Michael Ströder wrote:

Frank Swasey wrote:

Another example is uid, which is a security hole the size of Texas -- allowing substring matches so spammers can grab all your addresses! If you want to use uid (and not have to redefine [like I am about to] every objectClass that uses uid), you HAVE to modify it to remove substring searches or you become a spam magnet.

Nope. That's a matter of proper access control and indexing/limit settings, hence a matter of server configuration not schema design.

Right... so I'm to provide a public directory that must allow search for uid by anonymous bind

If you don't have any possibility to limit access by ACLs then don't publish all the e-mail addresses or you have to live with e-mail addresses being public.

But thanks for playing....

You definitely overread the term 'access control'.

I also can't see how removing SUBSTR matching gives you more access control. Either your directory is public or not. Well, thank *you* for playing...

Ciao, Michael.