NEWS: Enforce consistent ACL is faux security!
12/31/2005 10:18 AM

I was recently asked to implement/research using a local cascaded address book for database security, using groups and Enforce consistent ACL.

My gut feel was that it would not work, but I've been surprised by that kind of thing before, so I took a look.

To my surprise, simply adding groups to the local address book allowed for group-based authentication (boom! I have Manager access to my replica of your database). Since the local address book needs to have its security wide open, this turns the technique from a security setting into a faux-security technique that is absurdly easy to overcome.

When I added a second address book to the mix, the groups from the second address book were not read or respected at all.
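As an added example, not code from the original post: a LotusScript agent that audits the current database's ACL for group entries granted Editor access or higher, and reports whether Enforce consistent ACL is on. It uses the standard Domino back-end properties NotesACL.UniformAccess and NotesACLEntry.IsGroup and the ACLLEVEL_* constants from lsconst.lss; the Editor-and-above threshold and the warning wording are this example's own choices. It only lists the entries worth reviewing; it does not reproduce the local address book test described above.

```lotusscript
' Added example (not from the original post): list ACL group entries with
' high access. Per the post above, on a local replica such group names are
' resolved against the local address book, which the local user controls,
' so these are the entries that do not protect the replica.
' The Editor threshold below is this example's assumption.
%INCLUDE "lsconst.lss"
Option Public
Option Declare

' Map an ACL level constant to its display name.
Function LevelName(level As Integer) As String
    Select Case level
    Case ACLLEVEL_NOACCESS: LevelName = "No Access"
    Case ACLLEVEL_DEPOSITOR: LevelName = "Depositor"
    Case ACLLEVEL_READER: LevelName = "Reader"
    Case ACLLEVEL_AUTHOR: LevelName = "Author"
    Case ACLLEVEL_EDITOR: LevelName = "Editor"
    Case ACLLEVEL_DESIGNER: LevelName = "Designer"
    Case ACLLEVEL_MANAGER: LevelName = "Manager"
    Case Else: LevelName = "Unknown (" & CStr(level) & ")"
    End Select
End Function

Sub Initialize
    Dim session As New NotesSession
    Dim db As NotesDatabase
    Dim acl As NotesACL
    Dim entry As NotesACLEntry
    Dim flagged As Integer

    Set db = session.CurrentDatabase
    Set acl = db.ACL
    flagged = 0

    Print "Database: " & db.Title & " (" & db.FilePath & ")"
    ' UniformAccess is the back-end name for "Enforce consistent ACL".
    Print "Enforce consistent ACL: " & CStr(acl.UniformAccess)

    Set entry = acl.GetFirstEntry
    Do Until entry Is Nothing
        ' Group entries are the ones a local user could satisfy by creating
        ' a same-named group in the local address book.
        If entry.IsGroup And entry.Level >= ACLLEVEL_EDITOR Then
            Print "  GROUP with high access: " & entry.Name & " -> " & LevelName(entry.Level)
            flagged = flagged + 1
        End If
        Set entry = acl.GetNextEntry(entry)
    Loop

    If acl.UniformAccess And flagged > 0 Then
        Print "Warning: consistent ACL is enforced, but " & CStr(flagged) & _
            " group entries grant Editor or above; these do not protect a local replica."
    End If
End Sub
```

Run it as an agent against the local replica. Every group it lists is a name that, according to the post, a local user could satisfy by adding a group of that name to the local names.nsf; explicit person entries and server entries are not affected by that trick and are left out of the report.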


Comments

1. Brian Mumey, 01/12/2006 12:30:09 PM


Hey Dwight! I think I'm misunderstanding this post. I have a local replica which uses 'enforce consistent ACL'. It has a group with Manager access. I add a group of that name to my local address book with me listed as a member. This will give me Manager access to the replica? It didn't for me, but maybe I'm doing something wrong.



