[ApacheDS] Why does LdapPrincipal now store passwords?

Web Server Talk > Web Servers reviews > Apache Server configuration support > Apache Directory Project > [ApacheDS] Why does LdapPrincipal now store passwords?

Last Thread Next Thread Next

[ApacheDS] Why does LdapPrincipal now store passwords?

Alex Karasulu

10-15-07 06:11 AM

I was going through the code and found that the LdapPrincipal is now storing
the user's
password.  This is an immense security risk!  Why would we do such a thing?


Alex

[ Post a follow-up to this message ]

Re: [ApacheDS] Why does LdapPrincipal now store passwords?

Emmanuel Lecharny

10-15-07 12:11 PM

I think this was an optimization, to avoid a lookup. I'm not sure
about the security risk in this case, but maybe you have something
else in mind.

Can you give us what you are thinking about ?

Thanks !

On 10/15/07, Alex Karasulu <akarasulu-1oDqGaOF3Lkdnm+yROfE0A@public.gmane.org> wrote:
> I was going through the code and found that the LdapPrincipal is now stor=
ing
> the user's
> password.  This is an immense security risk!  Why would we do such a thin=
g?
>
> Alex
>
>

--=20
Regards,
Cordialement,
Emmanuel L=E9charny
www.iktek.com

[ Post a follow-up to this message ]

Most Popular forums

Apache Server	MySQL for Windows	Sendmail
Red Hat Networking	SuSe Linux	Debian Linux
FreeBSD administration	Sun Solaris administration	Unix Shell programming
WebSphere Portal Server	Exchange 2000 administration	PostgreSQL administration
Linux Security	Computer Security	Firewalls

Forum Jump:

Forum Rules:

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF

Medical and Health forum | Computer Games Reviews | Graphics design forum

Automated OffSite Backup	Shopping Cart Software
Data Recovery	tattoos
RAM Memory Upgrades	Moving Companies

Syndicate this forum via XML or simple JavaScript feed

Home | Usercp | Faq | Register