[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: does back-sql bypass ACL ?
Frederic Saincy writes:
# this DOES NOT WORK
# (even anonymous can add/delete entries, modify attributes... )
access to *
by dn="cn=root,=sql,c=RU" write
by * read
At a first glance, yes: there's no ACL check for write operations.
I guess back-sql is intended to allow --wiewing-- of sql data more
than modifying it. I think you should disallow modifications by
means of SQL permissions on the tables back-sql is using.
Pierangelo.
Dr. Pierangelo Masarati | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale | fax: +39 02 2399 8334
Politecnico di Milano | mailto:pierangelo.masarati@polimi.it
via La Masa 34, 20156 Milano, Italy | http://www.aero.polimi.it/~masarati