
Re: protocol: data hiding



At 02:14 PM 2/9/2004, Jim Sermersheim wrote:
>I like the notion of bringing this to the reader's attention, but I dislike prescribing specific actions. How about something more like:
> 
>The matchedDN and diagnosticMessage fields and some result codes (such as insufficientAccessRights, attributeOrValueExists and entryAlreadyExists) may disclose the presence of specific data in the directory. Access controls coupled with restrictive policies can be used to protect against such disclosure.

I'd rather word the consideration to the implementor, not the
user.
        The matchedDN and diagnosticMessage fields, as well as some
        resultCode values (e.g., attributeOrValueExists and
        entryAlreadyExists), could disclose the presence of
        specific data in the directory where not subjected to
        access and other administrative controls.  Server
        implementors should provide access control mechanisms
        which restrict access to information not only under
        normal but also under error conditions.


Kurt


> 
>Jim
>
>>>> Hallvard B Furuseth <h.b.furuseth@usit.uio.no> 2/9/04 2:14:31 PM >>>
>A Security Consideration like this might be a good idea:
>
>The matchedDN and diagnosticMessage fields and some result
>codes (such as insufficientAccessRights, attributeOrValueExists
>and entryAlreadyExists) may reveal the presence of specific
>data in the directory. If access controls prohibit this, the
>server must take care to instead act as if the data are not
>present, or when that is not possible, to return a less
>informative result code.
>
>-- 
>Hallvard
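The disclosure both proposals describe is easiest to see by running an Add and a Modify against a small directory twice: once with the result computed over the whole DIT, and once computed over only the entries and attributes the bound client may read, which is the "act as if the data are not present" behaviour Hallvard asks for. The following is an added illustration written for this page; it is not code from the ldapbis drafts or from any LDAP server. The DIT, the ACL table, the subject names "anonymous" and "admin", the helper names, and the naive comma-split DN parsing are all constructed assumptions; only the resultCode numbers are the real RFC 4511 values.

```python
"""Added example: how an LDAP server's result codes and matchedDN can leak
the existence of entries, and one way to compute results over the client's
readable view instead. Hypothetical; not from any real server."""
from dataclasses import dataclass

# resultCode values as assigned in RFC 4511 (these numbers are real).
SUCCESS = 0
ATTRIBUTE_OR_VALUE_EXISTS = 20
NO_SUCH_OBJECT = 32
INSUFFICIENT_ACCESS_RIGHTS = 50
ENTRY_ALREADY_EXISTS = 68

ALICE = "uid=alice,ou=people,dc=example,dc=com"

# Constructed sample DIT (assumption): dn -> {attribute: set of values}.
DIT = {
    "dc=example,dc=com": {"objectClass": {"domain"}},
    "ou=people,dc=example,dc=com": {"objectClass": {"organizationalUnit"}},
    ALICE: {"mail": {"alice@example.com"}, "userPassword": {"secret-hash"}},
    "ou=secret,dc=example,dc=com": {"objectClass": {"organizationalUnit"}},
    "cn=project-x,ou=secret,dc=example,dc=com": {"cn": {"project-x"}},
}

# Constructed read ACL (assumption): subject -> {dn: readable attributes}.
# "*" means every attribute; a dn missing from the map is invisible.
ACL_READ = {
    "anonymous": {
        "dc=example,dc=com": {"*"},
        "ou=people,dc=example,dc=com": {"*"},
        ALICE: {"mail"},  # may read mail, not userPassword
    },
    "admin": {dn: {"*"} for dn in DIT},
}
ADMINS = {"admin"}  # only admins hold write access in this toy model


@dataclass
class Result:
    code: int
    matched_dn: str = ""


def can_read(subject, dn, attr=None):
    attrs = ACL_READ.get(subject, {}).get(dn)
    if attrs is None:
        return False
    return attr is None or "*" in attrs or attr in attrs


def parent_of(dn):
    # Naive split on the first comma; real DN parsing must honour escapes.
    return dn.split(",", 1)[1] if "," in dn else ""


def longest_existing_suffix(dn, entries):
    """matchedDN: the lowest entry on the path that exists in `entries`."""
    while dn and dn not in entries:
        dn = parent_of(dn)
    return dn


def visible_view(subject):
    """The DIT restricted to the entries and attributes the client may read."""
    return {
        dn: {a: v for a, v in attrs.items() if can_read(subject, dn, a)}
        for dn, attrs in DIT.items()
        if can_read(subject, dn)
    }


def evaluate_add(dn, entries, may_write):
    """Decide the response to an Add without mutating anything."""
    if dn in entries:
        return Result(ENTRY_ALREADY_EXISTS)
    parent = parent_of(dn)
    if parent not in entries:
        return Result(NO_SUCH_OBJECT, longest_existing_suffix(parent, entries))
    if not may_write:
        return Result(INSUFFICIENT_ACCESS_RIGHTS)
    return Result(SUCCESS)


def evaluate_modify_add(dn, attr, value, entries, may_write):
    """Decide the response to a Modify that adds one attribute value."""
    if dn not in entries:
        return Result(NO_SUCH_OBJECT, longest_existing_suffix(parent_of(dn), entries))
    if value in entries[dn].get(attr, set()):
        return Result(ATTRIBUTE_OR_VALUE_EXISTS)
    if not may_write:
        return Result(INSUFFICIENT_ACCESS_RIGHTS)
    return Result(SUCCESS)


# Leaky: results computed over the full DIT, so the error itself discloses
# hidden entries (entryAlreadyExists, matchedDN) and values (attributeOrValueExists).
def leaky_add(subject, dn):
    return evaluate_add(dn, DIT, subject in ADMINS)


def leaky_modify_add(subject, dn, attr, value):
    return evaluate_modify_add(dn, attr, value, DIT, subject in ADMINS)


# Hardened: results computed over what the client could read anyway, so an
# error reveals no more than a Search by that client would.
def hardened_add(subject, dn):
    return evaluate_add(dn, visible_view(subject), subject in ADMINS)


def hardened_modify_add(subject, dn, attr, value):
    return evaluate_modify_add(dn, attr, value, visible_view(subject), subject in ADMINS)


if __name__ == "__main__":
    hidden = "cn=project-x,ou=secret,dc=example,dc=com"
    print("add hidden entry  leaky   :", leaky_add("anonymous", hidden))
    print("add hidden entry  hardened:", hardened_add("anonymous", hidden))
    print("guess password    leaky   :", leaky_modify_add("anonymous", ALICE, "userPassword", "secret-hash"))
    print("guess password    hardened:", hardened_modify_add("anonymous", ALICE, "userPassword", "secret-hash"))
```

Two caveats a server author would add: the hardened variant assumes write access implies read access (true for "admin" here), so a subject allowed to add under a subtree it cannot read would be told noSuchObject for its own writes and needs a separate rule; and diagnosticMessage text must be filtered with the same view in mind, since it is free-form and easily echoes the full DN or offending value.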