URL: https://github.com/SSSD/sssd/pull/21
Title: #21: IFP: expose user and group unique IDs through DBus

sumit-bose commented:
"""
> With the SIDs we already have a library that pretty much anyone can call and 
> retrieve the SID for ID. But not for GUIDs.. CC @sbose-rh for another 
> opinion..

In general the GUIDs are even less informative than the SID, e.g. you cannot 
derive the domain from it, it is just a random string created with some rules 
to try to avoid collisions. So I cannot see a leak here. Additionally I think 
there is only special protection on the LDAP side on the GUID attribute, e.g.  
ipaUniqueID can be read anonymously.

Only if the GUID is misused, e.g. as initial password, there would be an issue 
but imo not on our side. 
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/21#issuecomment-248285945