Apache Directory Project - [ApacheDS] Why does LdapPrincipal now store passwords?

This is Interesting: Free IT Magazines  
Home > Archive > Apache Directory Project > October 2007 > [ApacheDS] Why does LdapPrincipal now store passwords?





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author [ApacheDS] Why does LdapPrincipal now store passwords?
Alex Karasulu

2007-10-15, 1:11 am

I was going through the code and found that the LdapPrincipal is now storing
the user's
password. This is an immense security risk! Why would we do such a thing?


Alex

Emmanuel Lecharny

2007-10-15, 7:11 am

I think this was an optimization, to avoid a lookup. I'm not sure
about the security risk in this case, but maybe you have something
else in mind.

Can you give us what you are thinking about ?

Thanks !

On 10/15/07, Alex Karasulu <akarasulu-1oDqGaOF3Lkdnm+yROfE0A@public.gmane.org> wrote:
> I was going through the code and found that the LdapPrincipal is now stor=
ing
> the user's
> password. This is an immense security risk! Why would we do such a thin=
g?
>
> Alex
>
>


--=20
Regards,
Cordialement,
Emmanuel L=E9charny
www.iktek.com

Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com