[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Is having an "open" ldap database a good idea ?

To: jplooney-ldap@online.ie
Subject: Re: Is having an "open" ldap database a good idea ?
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 04 Feb 2000 15:24:03 -0800
Cc: openldap-general@OpenLDAP.org
In-reply-to: <20000204123531.H23661@online.ie>

To answer the question:
	Is having an "open" ldap database a good idea ?

For publishing public information, yes.  For publishing information
to a subset of the general population, no.  You should place access
controls upon information such that only those authorized to view
the information may do so.  Be sure to address privacy and other
issues before publishing (publically or privately) any information.  

On Fri, 4 Feb 2000, John P. Looney wrote:
>  Do commerical spammers see LDAP databases as great big resources for
> guaranteed "live" email addresses, or are they too difficult for them
> to get one big list 

Spammers will harvest email addresses from public sources...
including public LDAP servers (and have been known to do so).

>(I intend doing things like limiting max searches to 10 results, etc.) ?

I believe using administrative limits is an inappropriate mechanism
for enforcing privacy and security policies.

	Kurt

References:
- Is having an "open" ldap database a good idea ?
  - From: "John P. Looney" <jplooney-ldap@online.ie>

Prev by Date: Re: Is having an "open" ldap database a good idea ?
Next by Date: Re: Is having an "open" ldap database a good idea ?
Index(es):
- Chronological
- Thread