Bug 444117 - end-user DB searching should not run as Directory Admin
Summary: end-user DB searching should not run as Directory Admin
Keywords:
Status: CLOSED EOL
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: CA
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Christina Fu
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks: 530474
TreeView+ depends on / blocked
 
Reported: 2008-04-25 05:01 UTC by Bob Lord
Modified: 2020-03-27 18:37 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2020-03-27 18:37:50 UTC
Embargoed:

Attachments (Terms of Use)

Description Bob Lord 2008-04-25 05:01:04 UTC 
Description of problem:
There is a web form on the CA subsystem that allows end users to search the CA's
database for other users, certificate, and other information. Some users who
have not been trained to properly user the web form may request an LDAP query
that will take a very long time to complete and will consume CA resources.

Users are able to tax the CA because the web-form searches using privileges of
the administrator. If that function ran as a different user, it would be
possible to put timeout limits on searches to prevent intentional or
unintentional draining of CA resources.
Comment 1 Christina Fu 2008-05-06 18:52:11 UTC 
Is performance issue 8.0?
Comment 2 Bob Lord 2008-05-06 20:14:08 UTC 
This may require some heavy lifting.  Putting it on the 8.1 radar.
Note You need to log in before you can comment on or make changes to this bug.