[Date Prev][Date Next]
Re: schema definition precedence
Michael Ströder wrote:
If you don't have any possibility to limit access by ACLs then don't
publish all the e-mail addresses or you have to live with e-mail
addresses being public.
Either your directory is public or not.
This raises a question that interests and concerns me. There is very
little protecting the information in public directories. I could pretty
much get at all the info just using the protocol in these examples:
I'm most definitely not a spammer, but I could've been. With spam
growing from nuisance to massive problem, is there a growing sense that
public directories with contact information are a risky or unadvisable
proposition? Are there tales of abuse? On a different note, what about
launching searches on unindexed attributes as a DOS threat?
I don't see it as the only viable topology, but one of the reasons I
like my current setup is because I don't have to worry about anybody
outside my firewalled environment communicating directly to the LDAP
server. Everything must go through port 80, and hence my own software's
access control filters. The directory ACLs and limits are still in
place, but you can't look at a branch of the directory unless I give you
an interface. A DCE style project is in the works, though, so I'd be
interested to hear testimony on "protecting" public server data beyond
access control directives.