
Re: C API: minor comments



> > Implementations of the API SHOULD begin numbering messages with 1, to
> > be able to easily distinguish client-generated requests and unsolicited
> > notifications.

> Quite probably a bad idea. It means that the IDs are predictable, making it
> easier for an attacker to spoof requests or replies. It may not matter as
> much with LDAP/TCP, but with LDAP/UDP it would.

> How about suggesting that requests be even and unsolicited notifications be
> odd?

Unsolicited is zero.  How about this instead:

 Implementations of the API SHOULD assign message IDs for client-generated
 requests in a range between 1 and 2147483647, to be able to easily
 distinguish them from unsolicited notifications.

Mark Wahl, Directory Product Architect
Innosoft International, Inc.
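
An added example, not part of the original message and not code from any LDAP C API: one way a client could follow the proposed wording while addressing the predictability concern in the quoted reply, by drawing IDs at random from 1..2147483647 and accepting only replies that match an outstanding request. The names `msgid_alloc`, `msgid_classify` and `MAX_PENDING` are hypothetical, and `/dev/urandom` is assumed as the random source.

```c
#include <stdint.h>
#include <stdio.h>

#define MSGID_MAX   2147483647  /* upper bound proposed in the message */
#define MAX_PENDING 64          /* assumed cap on outstanding requests */
static int32_t pending[MAX_PENDING];    /* 0 marks a free slot */

/* Uniform ID in 1..MSGID_MAX from the OS CSPRNG; returns 0 on failure. */
static int32_t random_msgid(void)
{
    uint32_t r = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return 0;
    do {
        if (fread(&r, sizeof r, 1, f) != 1) { r = 0; break; }
        r &= MSGID_MAX;         /* keep 31 bits: 0..MSGID_MAX */
    } while (r == 0);           /* 0 is reserved for unsolicited */
    fclose(f);
    return (int32_t)r;
}

/* ID for a new request, unique among outstanding ones; 0 if none available. */
int32_t msgid_alloc(void)
{
    for (int slot = 0; slot < MAX_PENDING; slot++) {
        if (pending[slot] != 0) continue;
        int32_t id;
        int clash;
        do {
            id = random_msgid();
            clash = 0;
            for (int i = 0; id != 0 && i < MAX_PENDING; i++)
                if (pending[i] == id) clash = 1;
        } while (clash);
        return pending[slot] = id;
    }
    return 0;
}

/* Incoming ID: 0 = unsolicited, 1 = matches a request (slot freed), -1 = reject. */
int msgid_classify(int32_t id)
{
    if (id == 0) return 0;
    for (int i = 0; i < MAX_PENDING; i++)
        if (pending[i] == id) { pending[i] = 0; return 1; }
    return -1;
}
```

Because a matched slot is freed on first use, a second message carrying the same ID is rejected rather than treated as a reply.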