directory-dev mailing list archives

From Alex Karasulu <akaras...@apache.org>
Subject Re: PasswordHidden parameter
Date Wed, 13 Oct 2010 09:35:09 GMT
On Tue, Oct 12, 2010 at 10:33 AM, Kiran Ayyagari <kayyagari@apache.org> wrote:

> On Tue, Oct 12, 2010 at 12:18 PM, Emmanuel Lecharny <elecharny@gmail.com>
> wrote:
> >  On 10/12/10 8:36 AM, Pierre-Arnaud MARCELOT wrote:
> >>
> >> Hi,
> >>
> >> I agree that it could be interesting to have this kind of feature.
> >>
> >> Wouldn't it be more interesting to have the ability to give a list of
> >> specific ATs that should be hidden instead.
> >> We have that in Studio and it gives much more power and flexibility.
> >
> > That's a pretty good idea.
> >
> > However, I think that this kind of protection can be better handled by the
> > ACI subsystem. Atm, as it's a bit broken, I'd like to keep this parameter
> > along until we have a better way to manage ATs.
> >
> > That also means the move was not stupid, it's just that it's temporarily
> > useful, and probably easier to manage than a global ACI.
> before actually removing it I have checked for the references to the
> isPasswordHidden()
> method present in the DirectoryService but sadly I missed that the
> SearchHandler uses it,
> so it should be reverted (I ran the integ tests but without building
> protocol-ldap so didn't find this issue) cause the build is broken
> now, I should have checked by doing a full build, sorry for the
> trouble if anyone had with a broken trunk.
>
> OTOH, I think enforcing this feature with ACI seems to be the better way
>
>
+1 I fully agree. Also with a UI feature or wizard in Studio we can simplify
the creation of the ACI to ask the user if they want userPassword or other
such critical security elements hidden.

Such a wizard can complement the full force direct manipulation of the
ACIItem that might at first sight seem a bit complex for users who are not
very educated about this subject. Your grandmother should be able to do this
with the wizard while power users can dig deep to get better fine grained
control.

WDYT?



> >
> > --
> > Regards,
> > Cordialement,
> > Emmanuel Lécharny
> > www.iktek.com
> >
> >
>
>
>
> Kiran Ayyagari
>



-- 
Alex Karasulu
My Blog :: http://www.jroller.com/akarasulu/
Apache Directory Server :: http://directory.apache.org
Apache MINA :: http://mina.apache.org
To set up a meeting with me: http://tungle.me/AlexKarasulu
