Re: C API: minor comments
> > Implementations of the API SHOULD begin numbering messages with 1, to
> > be able to easily distinguish client-generated requests and unsolicited
> > notifications.
> Quite probably a bad idea. It means that the IDs are predictable, making it
> easier for an attacker to spoof requests or replies. It may not matter as
> much with LDAP/TCP, but with LDAP/UDP it would.
> How about suggesting that requests be even and unsolicited notifications be
> odd?
Unsolicited is zero. How about this instead:
Implementations of the API SHOULD assign message IDs for client-generated
requests in a range between 1 and 2147483647, to be able to easily
distinguish them from unsolicited notifications.
Mark Wahl, Directory Product Architect
Innosoft International, Inc.
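
An added example, not part of the original thread or of any LDAP library: one way a client could satisfy both points raised above, drawing request IDs unpredictably from 1 to 2147483647 while leaving 0 for unsolicited notifications. The function names, the MAX_PENDING cap and the use of /dev/urandom as the random source are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

#define MSGID_MAX   0x7FFFFFFF  /* 2147483647, top of the proposed range */
#define MAX_PENDING 64          /* assumed cap on outstanding requests */

static int32_t pending[MAX_PENDING];  /* 0 marks a free slot */

/* Draw one ID uniformly from 1..2147483647 using the OS CSPRNG; -1 on error. */
static int32_t draw_msgid(void) {
    uint32_t r = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    do {
        if (fread(&r, sizeof r, 1, f) != 1) { fclose(f); return -1; }
        r &= MSGID_MAX;          /* keep 31 bits: 0..2147483647 */
    } while (r == 0);            /* 0 is the unsolicited notification ID */
    fclose(f);
    return (int32_t)r;
}

/* Allocate an ID not shared with any outstanding request; -1 if none available. */
int32_t msgid_alloc(void) {
    int slot = -1;
    for (int i = 0; i < MAX_PENDING; i++)
        if (pending[i] == 0) { slot = i; break; }
    if (slot < 0) return -1;     /* too many requests in flight */
    for (;;) {
        int32_t id = draw_msgid();
        int clash = 0;
        if (id < 0) return -1;   /* random source failed: do not fall back to a counter */
        for (int i = 0; i < MAX_PENDING; i++)
            if (pending[i] == id) clash = 1;
        if (!clash) { pending[slot] = id; return id; }
    }
}

/* Free the slot once the final response for this ID has arrived. */
void msgid_release(int32_t id) {
    for (int i = 0; i < MAX_PENDING; i++)
        if (id > 0 && pending[i] == id) pending[i] = 0;
}

/* A received message ID of 0 identifies an unsolicited notification. */
int msgid_is_unsolicited(int32_t id) { return id == 0; }

int main(void) {
    for (int i = 0; i < 3; i++) printf("request msgid = %d\n", (int)msgid_alloc());
    return 0;
}
```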