Be careful when using unique attribute values for sensitive data.
When a DSA searches entries to determine whether an attribute value is unique, the search bypasses access controls. This means that a user could write a client application to determine the unique values. If these values are sensitive information, this may be a security issue.
If the scope of the subtree covers more than one DSA, the first DSA (DSA-A) sends the search to another DSA (DSA-B). DSA-B obeys access controls unless DSA-A has set the trust flag trust-DSA-triggered-operations. To allow DSA-B to bypass access controls, set this flag in the DSA-A knowledge and ensure that DSA-B shares DSA-A's knowledge.
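Because the uniqueness search described above ignores access controls, a write that is rejected for uniqueness confirms to the client that the value exists. The following added example (not part of the product documentation or CA's code) shows one way to flag a bind DN that collects many such rejections in a short time. The record layout, the `unique-violation` result label, and all names and values are assumptions constructed for illustration and are not a real DSA log format.

```python
from collections import defaultdict, deque

UNIQUE_VIOLATION = "unique-violation"  # assumed result label, not a product value

# Constructed sample records: (timestamp_s, bind_dn, attribute, value, result)
SAMPLE_EVENTS = [
    (0,   "cn=hr-sync,o=example", "employeeNumber", "2001", "success"),
    (10,  "cn=client7,o=example", "employeeNumber", "1001", UNIQUE_VIOLATION),
    (12,  "cn=client7,o=example", "employeeNumber", "1002", "success"),
    (14,  "cn=client7,o=example", "employeeNumber", "1003", UNIQUE_VIOLATION),
    (15,  "cn=client7,o=example", "employeeNumber", "1003", UNIQUE_VIOLATION),  # retry
    (20,  "cn=client7,o=example", "employeeNumber", "1004", UNIQUE_VIOLATION),
    (25,  "cn=client7,o=example", "mail", "x@example.com", UNIQUE_VIOLATION),
    (30,  "cn=hr-sync,o=example", "employeeNumber", "2001", UNIQUE_VIOLATION),
    (400, "cn=hr-sync,o=example", "employeeNumber", "2002", UNIQUE_VIOLATION),
    (900, "cn=hr-sync,o=example", "employeeNumber", "2003", UNIQUE_VIOLATION),
]


def find_uniqueness_probing(events, sensitive_attrs, window_s=60, threshold=3):
    """Return {bind_dn: sorted values confirmed to exist} for binders that
    collected `threshold` distinct rejected values on a sensitive unique
    attribute within any `window_s`-second window."""
    sensitive = {a.lower() for a in sensitive_attrs}
    recent = defaultdict(deque)  # (bind_dn, attr) -> deque of (ts, value)
    flagged = defaultdict(set)
    for ts, bind_dn, attr, value, result in sorted(events):
        attr = attr.lower()
        if attr not in sensitive or result != UNIQUE_VIOLATION:
            continue
        window = recent[(bind_dn, attr)]
        window.append((ts, value))
        # Drop rejections that have aged out of the sliding window.
        while window and ts - window[0][0] > window_s:
            window.popleft()
        distinct = {v for _, v in window}  # retries of one value count once
        if len(distinct) >= threshold:
            flagged[bind_dn] |= distinct
    return {dn: sorted(vals) for dn, vals in flagged.items()}


if __name__ == "__main__":
    for dn, values in find_uniqueness_probing(SAMPLE_EVENTS, {"employeeNumber"}).items():
        print(f"{dn}: existence of {len(values)} values confirmed: {values}")
```

The returned values are the ones whose existence was disclosed, which is the list to review when assessing exposure.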
Copyright © 2011 CA. All rights reserved.