[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: does back-sql bypass ACL ?

To: Frederic Saincy <freddy@lovelinux.org>
Subject: Re: does back-sql bypass ACL ?
From: "Pierangelo Masarati" <masarati@aero.polimi.it>
Date: Sat, 11 May 2002 08:56:30 +0000
Cc: openldap-software@OpenLDAP.org
In-reply-to: <87vg9vtnsn.fsf@panda.baobab.home>
References: <87vg9vtnsn.fsf@panda.baobab.home>

Frederic Saincy writes:

# this DOES NOT WORK # (even anonymous can add/delete entries, modify attributes... ) access to * by dn="cn=root,=sql,c=RU" write by * read

At a first glance, yes: there's no ACL check for write operations. I guess back-sql is intended to allow --wiewing-- of sql data more than modifying it. I think you should disallow modifications by means of SQL permissions on the tables back-sql is using.

Pierangelo.

Dr. Pierangelo Masarati | voice: +39 02 2399 8309 Dip. Ing. Aerospaziale | fax: +39 02 2399 8334 Politecnico di Milano | mailto:pierangelo.masarati@polimi.it via La Masa 34, 20156 Milano, Italy | http://www.aero.polimi.it/~masarati

References:
- does back-sql bypass ACL ?
  - From: Frederic Saincy <freddy@lovelinux.org>

Prev by Date: does back-sql bypass ACL ?
Next by Date: matching facsimileTelephoneNumber
Index(es):
- Chronological
- Thread