[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP Root for dc style naming

To: openldap-devel@OpenLDAP.org
Subject: Re: LDAP Root for dc style naming
From: David J N Begley <david@avarice.nepean.uws.edu.au>
Date: Sun, 16 Jan 2000 21:28:32 +1100 (EST)
In-reply-to: <3.0.5.32.20000114220236.00993b40@127.0.0.1>

On Fri, 14 Jan 2000, Kurt D. Zeilenga wrote:

> At 10:12 AM 1/15/00 +1100, David J N Begley wrote:
> >No it didn't, but the end result was the same. 
> 
> No. These issues are complete differnet.  Protection of a local
> service, be it squid or slapd and use of published information.

Precisely, the end result was the same - people were using "published
information" to access those proxies.

> If you bring up a local service, you need to take appropriate steps
> to protect it.

Ack.

> I think this caution is belongs more in the admin guides of various
> LDAP servers...

An addition for the OpenLDAP documentation...  ;-)

> >As with the Squid problem, it can be done anyway but "the problem"
> >wasn't a problem as such until something made it easier for more people
> >to exploit it.
> 
> I disagree.  The problem was always there, just not often exploited.

I didn't say the loophole wasn't exploited, just that the matter wasn't as
much of a wide-scale problem until something (in this case, a bug) made it
easier for more people to exploit.

It'll be interesting to see how this plays out from a deployment perspective,
particularly if it provides sufficient incentive for widespread adoption of a
standard "Internet whitepages" schema.

Cheers..

dave

References:
- Re: LDAP Root for dc style naming
  - From: "Kurt D. Zeilenga" <kurt@OpenLDAP.org>

Prev by Date: Re: LDAP Root for dc style naming
Next by Date: client sockets and fork
Index(es):
- Chronological
- Thread