From: Chris R. <chr...@me...> - 2001-02-06 02:18:06
"Lambright, Linda (N-Averstar)" <lin...@lm...> wrote:
> Thought I should resend this with the right title
>
>> ----------
>> From: Lambright, Linda (N-Averstar)[SMTP:lin...@lm...]
>> Sent: Monday, February 05, 2001 4:38 PM
>> To: Tom Jordan; 'Mark Wilcox'
>> Cc: per...@li...
>> Subject: RE: dynamic groups
>>
>> I need to write an explanation of the "security risks of ldap". I have
>> found it very difficult to find a good explanation of this anywhere and
>> was wondering if anyone could point me at a good explanation.
>>
>> Thank you.

You could make a start by looking at all the "Security Considerations" in the LDAP RFCs. They're probably what you'd expect of a system that stores sensitive personal information in a network database that is basically accessed in the clear. There is a standard mechanism (TLS) to encrypt the data in transit. There are no standards for pure-LDAP-only servers defining how to control access to the data, so that's an issue too.

Cheers,
Chris