directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny" <elecha...@gmail.com>
Subject Re: [ApacheDS] Why does LdapPrincipal now store passwords?
Date Mon, 15 Oct 2007 07:16:09 GMT
I think this was an optimization, to avoid a lookup. I'm not sure
about the security risk in this case, but maybe you have something
else in mind.

Can you give us what you are thinking about ?

Thanks !

On 10/15/07, Alex Karasulu <akarasulu@apache.org> wrote:
> I was going through the code and found that the LdapPrincipal is now storing
> the user's
> password.  This is an immense security risk!  Why would we do such a thing?
>
> Alex
>
>


-- 
Regards,
Cordialement,
Emmanuel L├ęcharny
www.iktek.com

Mime
View raw message