[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: "Last Look" at the RADIUS Design Guidelines document
On Jan 7, 2010, at 4:54 PM, Joseph Salowey (jsalowey) wrote:
[Joe] Regardless of whether it changes the basic processing model of
RADIUS or not, the processing of "string" attribtues has the same
security implications of complex attributes.
That presumes that "string" attributes should be processed. If the
the only operations performed on strings are to compare them for match
with other strings, they're not much risk. It's when you assume that
strings are more than simply names in some namespace that you can get
to unsubscribe send a message to firstname.lastname@example.org with
the word 'unsubscribe' in a single line as the message text body.