http://mac.byu.edu/2004/09/08/using-byus-ldap-server-in-address-book/ A better way Sat, 05 Jul 2008 00:52:03 +0000 http://wordpress.org/?v=2.5 http://mac.byu.edu/2004/09/08/using-byus-ldap-server-in-address-book/#comment-5 Wade Preston Shearer Fri, 08 Sep 2006 20:56:44 +0000 http://mac.byu.edu/?p=101#comment-5 There is a major security issue with BYU's LDAP server. Since it does not require authentication, anyone from around the globe that chooses to connect to the LDAP server can harvest the entire database of names and phone numbers. I understand that no more information is made public here then each student has selected to make public in their profiles, but I do not think that that answer is acceptible. Personal information like this should be protected by default and only revealed at the specific request of each individual; not the other way around. We should have to take an extra step to make things public, not fight to keep it from being broadcast to the world and those that choose to abuse it. There is a major security issue with BYU’s LDAP server. Since it does not require authentication, anyone from around the globe that chooses to connect to the LDAP server can harvest the entire database of names and phone numbers. I understand that no more information is made public here then each student has selected to make public in their profiles, but I do not think that that answer is acceptible. Personal information like this should be protected by default and only revealed at the specific request of each individual; not the other way around. We should have to take an extra step to make things public, not fight to keep it from being broadcast to the world and those that choose to abuse it.

]]>