If you don't trust the directory you are querying to not refer you to a dangerous place, why should you trust any other data it returns to you?
I'll agree with your recommendation as long as it is qualified as you do -- the concern is primarily over the use of weakly protected credentials (which should be strongly discouraged anyway!). But if the authentication is strong, there's no reason not to automatically chase referrals.
> -----Original Message-----
> From: Kurt D. Zeilenga [mailto:kurt@boolean.net]
> Sent: Wednesday, November 10, 1999 5:37 AM
> To: Paul Leach (Exchange)
> Cc: Kurt D. Zeilenga; ietf-ldapext@netscape.com
> Subject: RE: C LDAP API: security considerations
>
>
> My primary concern is that an API should not chase referrals
> without application interaction when doing so might expose the
> credentials unexpectedly. If the authentication mechanism,
> such as DIGEST-MD5, adequately protects the credentials, then
> I see little problem with allowing the authentication without
> per-chased referral bind. However, if the authentication
> mechanism is simple or such, then I believe it unwise to reuse
> credentials while automatically chasing referrals.
>
> Most current SDKs, I believe, will not reuse authentication
> credentials specified with a simple bind when chasing referrals.
> Instead, they bind anonymously or utilize some application
> interaction mechanism to obtain new credentials. I believe
> we should encourage such behavior.
>
> Kurt
>
> ----
> Kurt D. Zeilenga <kurt@boolean.net>
> Net Boolean Incorporated <http://www.boolean.net/>
>
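The referral-chasing policy discussed in this thread, as an added illustration in Python that is not code from any LDAP SDK or from the thread's participants: credentials are reused across a referral only when the bind mechanism protects them (DIGEST-MD5 here), otherwise the client rebinds anonymously or asks the application for new credentials. The `Bind` record, `bind_for_referral` helper and the sample hosts are constructed for the example; the rule that reuse is also fine when the referral points back at the originating host is my assumption, not something the thread states.

```python
from dataclasses import dataclass
from typing import Callable, Optional
from urllib.parse import urlsplit

# Mechanisms whose exchange does not hand the password to the server.
# Simple bind sends it in the clear, so it is deliberately not listed.
CREDENTIAL_PROTECTING_MECHANISMS = {"DIGEST-MD5"}


@dataclass(frozen=True)
class Bind:
    mechanism: str             # "SIMPLE" or a SASL mechanism name
    dn: Optional[str] = None   # None means an anonymous bind
    secret: Optional[str] = None


ANONYMOUS = Bind(mechanism="SIMPLE")


def bind_for_referral(original: Bind, referral_url: str, origin_host: str,
                      ask_application: Optional[Callable[[str], Optional[Bind]]] = None) -> Bind:
    """Choose the bind a client should use when it follows a referral.

    Credentials travel to the referred server only if the mechanism protects
    them, or (assumption) if the referral stays on the host that already holds
    them.  Otherwise the client binds anonymously unless the application,
    via ask_application(referral_url), supplies credentials for that server.
    """
    target_host = urlsplit(referral_url).hostname
    if target_host is None:
        raise ValueError(f"referral URL has no host: {referral_url!r}")
    if original.dn is None:
        return ANONYMOUS                      # nothing to leak: stay anonymous
    if original.mechanism.upper() in CREDENTIAL_PROTECTING_MECHANISMS:
        return original                       # DIGEST-MD5 style: safe to reuse
    if target_host.lower() == origin_host.lower():
        return original                       # same server already has them
    if ask_application is not None:
        fresh = ask_application(referral_url)  # application interaction
        if fresh is not None:
            return fresh
    return ANONYMOUS                          # weak credentials never follow
```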