
C LDAP API: security considerations
I believe it wise to add a security consideration stating that
implementations should not reuse authentication information,
without application interaction, when chasing referrals.
That is, unless the application authorizes reuse with the
authentication information (or provides new information via
some mechanism) with the server chased, the implementation
should use an anonymous bind.

Even if DIGEST-MD5 was in use, such application interaction
should still be recommended to be consistent with "keeping
long-lived copies of credentials without the application's
knowledge is discouraged."

I also suggest that "long-lived" should be clarified. Something
like "implementations should not maintain copies of authentication
information, including credentials, any longer than necessary."
In particular, authentication information should not live longer
than the API call it was used with.  (Implementations are encouraged
to "forget" such information sooner).

Note also that I prefer "authentication information" over
"authentication credentials" as the authorization ID itself
may be sensitive.

Kurt
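Added example, not from the post above or from any LDAP library: a small Python model of a client that chases a referral under the policy the post describes. Server URLs, DNs and passwords are constructed; the rebind callback stands in for the "application interaction" the post asks for, and authentication information is wiped at the end of the call that used it.

```python
from typing import Callable, Optional, Tuple

# Constructed stand-in for two directory servers: DN -> accepted password.
SERVERS = {
    "ldap://a.example": {b"cn=app,dc=example": b"s3cret-a"},
    "ldap://b.example": {b"cn=app,dc=example": b"s3cret-b"},
}

# Application-supplied callback (hypothetical, analogous to a rebind procedure):
# given the referral URL, return (authzid, password) to use there, or None.
RebindProc = Callable[[str], Optional[Tuple[bytearray, bytearray]]]

class Connection:
    def __init__(self, url: str) -> None:
        self.url = url
        self.bound_as: Optional[bytes] = None   # None means anonymous

    def bind(self, dn: Optional[bytearray] = None,
             password: Optional[bytearray] = None) -> bool:
        if dn is None:                          # anonymous bind
            self.bound_as = None
            return True
        if SERVERS[self.url].get(bytes(dn)) == bytes(password):
            self.bound_as = bytes(dn)
            return True
        return False

def wipe(buf: bytearray) -> None:
    """Overwrite authentication information once the call is done."""
    for i in range(len(buf)):
        buf[i] = 0

def bind_with(conn: Connection, dn: bytearray, password: bytearray) -> bool:
    # Authentication information (authzid included, since it may be sensitive)
    # lives no longer than this call; buffers are wiped on success or failure.
    try:
        return conn.bind(dn, password)
    finally:
        wipe(dn)
        wipe(password)

def chase_referral(url: str, rebind: Optional[RebindProc]) -> Connection:
    """Connect to the referred-to server. Unless the application authorizes
    a bind by returning credentials, the new connection stays anonymous;
    credentials from the original connection are never carried over."""
    conn = Connection(url)
    creds = rebind(url) if rebind else None
    if creds is None:
        conn.bind()                             # anonymous bind
        return conn
    if not bind_with(conn, *creds):
        raise PermissionError(f"bind to {url} refused")
    return conn
```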