Make the userPassword not searchable from the outside
-----------------------------------------------------
Key: DIRSERVER-1259
URL: https://issues.apache.org/jira/browse/DIRSERVER-1259
Project: Directory ApacheDS
Issue Type: New Feature
Affects Versions: 1.5.4
Reporter: Emmanuel Lecharny
Fix For: 1.5.5
The userPassword attribute should not be searchable by default. More
specifically, it should not be a part of any filter, as it may be a security
breach (imagine you use something like (&(cn=foo)(userPassword >
a)(userPassword < c)), you can easily find the password in a very simple way...)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
