At 12:40 PM 5/26/2003, Michael Ströder wrote:
> Kurt D. Zeilenga wrote:
>> KurtZ raised a security consideration regarding session hijacking. Add consideration.
>> ??? "Add: Use of integrity protection is encouraged to prevent session hijacking."
>
> Which session is meant here?

The LDAP session.
If one uses a mechanism such as DIGEST-MD5 without
negotiating integrity protection to authenticate,
a man-in-the-middle can hijack the session after
authentication completes.

> Does that really belong in draft-ietf-ldapbis-user-schema? How does that relate to the schema definitions?
>
> Ciao, Michael.
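
A check for the condition described in the reply above, as an added example that is not part of the original message: it parses a DIGEST-MD5 digest-response (RFC 2831 directive syntax) and reports whether a security layer (`auth-int` or `auth-conf`) was negotiated, so a server policy or log review can flag sessions bound with plain `auth`. The function names and the sample strings are constructed for illustration.

```python
import re

# RFC 2831 qop values that install a security layer after authentication.
PROTECTED_QOPS = {"auth-int", "auth-conf"}

# One directive: key=token or key="quoted string" (backslash escapes allowed),
# followed by a comma or the end of the input.
_DIRECTIVE = re.compile(
    r'\s*([A-Za-z0-9-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^,\s]*))\s*(?:,|$)'
)

def parse_directives(text):
    """Parse a DIGEST-MD5 directive list into a dict with lower-cased keys."""
    text = text.strip()
    out, pos = {}, 0
    while pos < len(text):
        m = _DIRECTIVE.match(text, pos)
        if not m:
            raise ValueError(f"malformed directive at offset {pos}")
        if m.group(2) is not None:
            # Quoted value: remove backslash escapes; commas inside are kept.
            value = re.sub(r"\\(.)", r"\1", m.group(2))
        else:
            value = m.group(3)
        out[m.group(1).lower()] = value
        pos = m.end()
    return out

def negotiated_qop(digest_response):
    """Return the qop the client selected; RFC 2831 defaults it to 'auth'."""
    return parse_directives(digest_response).get("qop", "auth").lower()

def session_is_protected(digest_response):
    """True only if integrity (or confidentiality) protection was negotiated."""
    return negotiated_qop(digest_response) in PROTECTED_QOPS

# Constructed sample digest-responses (placeholder nonces and response value).
_COMMON = ('username="alice",realm="example, inc",nonce="N0NCE-constructed",'
           'nc=00000001,cnonce="CN0NCE-constructed",'
           'digest-uri="ldap/ldap.example.com",response=' + "0" * 32)
SAMPLE_AUTH_ONLY = _COMMON + ",qop=auth"
SAMPLE_AUTH_INT = _COMMON + ",qop=auth-int"
SAMPLE_NO_QOP = _COMMON  # qop omitted, so it defaults to "auth"

if __name__ == "__main__":
    for name, resp in [("auth", SAMPLE_AUTH_ONLY), ("auth-int", SAMPLE_AUTH_INT),
                       ("no qop", SAMPLE_NO_QOP)]:
        verdict = "protected" if session_is_protected(resp) else "NOT protected"
        print(f"{name}: {verdict}")
```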