[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: C LDAP API: security considerations
I agree completely with Paul!
At 11:03 PM 11/13/99 -0800, Paul Leach (Exchange) wrote:
>Suggest one plausible way in which it is possible to specify policy to an
>application to do anything with the flexibility you insist must be present.
>
>I.e., suppose the application is informed that it has been given a referral.
>When and how will it decide to chase it, and when not?
>
>Applications have no idea how to answer the above question. Neither do
>users. If there were to be a mechanism to answer that question, and a way to
>specify the policy for answering it, they should be _below_ the level of the
>LDAP API, so that use of the mechanism and enforcement of the policy would
>_not_ depend on all the applications doing the right thing, since experience
>suggests that will never happen.
>
>
>> -----Original Message-----
>> From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.Org]
>> Sent: Saturday, November 13, 1999 12:37 PM
>> To: ietf-ldapext@netscape.com
>> Subject: Re: C LDAP API: security considerations
>>
>>
>> After some additional thought on this matter, I believe it
>> inappropriate of API implementations to chase referrals without
>> application interaction. An API implementations should
>> not assume the application's trust in the server providing
>> the knowledge information extends to the referenced server.
>
>Why? If the application trusts the first server to give correct answers, why
>shouldn't it trust the servers to which it gives referrals?
>
>>
>> A client application should be in direct control of which
>> servers it does or doesn't connect to. A client application
>> should be in direct control of which request are submitted
>> to servers. A client application should be in direct control
>> of which information is provided with each request.
>>
>> I suggest that the default behavior of API implementations
>> should be to NOT chase referrals. I suggest we extend
>> the API specification to provide a mechanism to allow
>> applications that wish to progress the operation to do so
>> under the application's control. If the application fails
>> to utilize this mechanism, the API implementation should
>> not chase the referral.
>
>I suggest that the default should be to chase referrals, and that an
>application which is worried about chasing referrals should have a way to
>opt out by providing a mechanism such as you suggest.
>
>If referral chasing is not easy for applications, it won't usually be done.
>
>If referral chasing is not usually done, then the freedom of a server to
>partition its NC onto several servers with referrals to bridge them will be
>eliminated.
>
>>
>> I also suggest that we then add a security consideration
>> to the C LDAP API I-D that encourages applications to
>> interact with users to determine if chasing is appropriate.
>
>Nonsense. Users always say "yes".
>
>Paul
>
>
>
==============================================
Bruce Greenblatt, Ph. D.
Directory Tools and Application Services, Inc.
http://www.directory-applications.com