[Date Prev][Date Next] [Chronological] [Thread] [Top]

protocol: data hiding



A Security Consideration like this might be a good idea:

   The matchedDN and diagnosticMessage fields and some result
   codes (such as insufficientAccessRights, attributeOrValueExists
   and entryAlreadyExists) may reveal the presence of specific
   data in the directory.  If access controls prohibit this, the
   server must take care to instead act as if the data are not
   present, or when that is not possible, to return a less
   informative result code.

-- 
Hallvard