On Wed, 22 Dec 2010, Arthur de Jong wrote:
> > You have already added exceptions by allowing "$" and I would like to ask
> > you to add another exception for "~".
> 
> Since ~ is used by shells (and other applications) to expand user names
> to user home directories I think it will be confusing to allow it as a
> first character, but for other places I don't see a problem. Is that a
> problem for your configuration?

No, the ~ is not used as a first character in my configuration.

> > But you should probably revisit the problem as a whole.
> > 
> > A good programming principle is to be tolerant in what you read but be
> > strict in what you send. By that I mean that it's not really nslcd's job
> > to impose supplementary restrictions that are not needed. Or at least
> > those restrictions should be configurable so that they can be disabled.
> 
> In principle, I agree. The issue at hand is however that data that
> appears to be invalid should not be passed along since there may be
> security implications.

Sure, but you trust the data that comes from the LDAP... so maybe you need
different checks depending on the level of trust.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Follow my Debian News ▶ http://RaphaelHertzog.com (English)
                      ▶ http://RaphaelHertzog.fr (Français)


