[Date Prev][Date Next] [Chronological] [Thread] [Top]

updating as anonymous

To: ietf-ldapbis@OpenLDAP.org
Subject: updating as anonymous
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Tue, 14 Oct 2003 16:40:19 +0200

I think this belongs in [Protocol], not in [authmeth]:

   6. Anonymous Authentication 

   Servers SHOULD NOT allow
   clients with anonymous authentication to modify directory entries or
   access sensitive information in directory entries.

This is about the update operations, not about the bind operation.

I guess the same applies to this:

   10. Security Considerations 

   Servers are encouraged to prevent modifications by anonymous users. 

though I don't think that's important.

-- 
Hallvard

Prev by Date: authmeth-07 issues
Next by Date: LDAPBIS @ IETF#58
Index(es):
- Chronological
- Thread