[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Disable NULL BASE queries

To: Dieter Kluenter <dieter@dkluenter.de>
Subject: Re: Disable NULL BASE queries
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 05 Feb 2004 13:50:26 -0800
Cc: openldap-software@OpenLDAP.org
In-reply-to: <m3hdy58dkt.fsf@marin.l4b.de>
References: <20040205193908.55492.qmail@web80702.mail.yahoo.com> <m3hdy58dkt.fsf@marin.l4b.de>

At 12:40 PM 2/5/2004, Dieter Kluenter wrote:
>That requirement is violating RFC-2251,3.4 

Subjecting root DSE information to access controls
is not counter to RFC 2251.

That said, I think "Risk factor : Medium" is quite bogus.
Security by obscurity (hiding the naming context) is no
security at all.

Administrators should take note that values of the root
DSE are primarily made available for auto-discovery.  If
you hide these values, you'll break auto-discovery.

Kurt

References:
- Disable NULL BASE queries
  - From: Shawn McKinney <smmtech@sbcglobal.net>
- Re: Disable NULL BASE queries
  - From: Dieter Kluenter <dieter@dkluenter.de>

Prev by Date: Re: Disable NULL BASE queries
Next by Date: RE: Quick Start Guide - newbie question
Index(es):
- Chronological
- Thread