[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3472) return code should be 32 when no access to object

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: (ITS#3472) return code should be 32 when no access to object
From: Pierangelo Masarati <ando@sys-net.it>
Date: Tue, 11 Jan 2005 14:40:20 +0100
Cc: quanah@stanford.edu, openldap-devel@OpenLDAP.org
References: <200501080059.j080xbi0027275@boole.openldap.org> <6.2.0.14.0.20050107202757.02a4d308@mail.openldap.org>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Of course, all my dscussion about write operations may sound academic, because writes need authentication; I guess we better focus on reads right now. Another note is: we don't check entry access for compares; this means that a compare should return noSuchObject as well if no disclose is granted for that entry, otherwise attackers could exploit it.

p.

   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

Follow-Ups:
- Re: (ITS#3472) return code should be 32 when no access to object
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- Re: (ITS#3472) return code should be 32 when no access to object
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: (ITS#3472) return code should be 32 when no access to object
Next by Date: Re: (ITS#3472) return code should be 32 when no access to object
Index(es):
- Chronological
- Thread