directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny" <>
Subject Re: [ApacheDS] Why does LdapPrincipal now store passwords?
Date Mon, 15 Oct 2007 07:16:09 GMT
I think this was an optimization, to avoid a lookup. I'm not sure
about the security risk in this case, but maybe you have something
else in mind.

Can you give us what you are thinking about ?

Thanks !

On 10/15/07, Alex Karasulu <> wrote:
> I was going through the code and found that the LdapPrincipal is now storing
> the user's
> password.  This is an immense security risk!  Why would we do such a thing?
> Alex

Emmanuel L├ęcharny

View raw message