[2027] update rationale comment about acl check

Jelte Jansen 13 years ago
parent
commit
dcafee23dc
1 changed files with 4 additions and 2 deletions
+ 4 - 2
src/lib/python/isc/ddns/session.py

@@ -243,8 +243,10 @@ class UpdateSession:
         try:
         try:
             self._get_update_zone()
             self._get_update_zone()
             # Contrary to what RFC2136 specifies, we do ACL checks before
             # Contrary to what RFC2136 specifies, we do ACL checks before
-            # prerequisites. Following the spec, information could leak,
-            # and we decided not to do so (as do other implementations)
+            # prerequisites. It's now generally considered to be a bad
+            # idea, and actually does harm such as information
+            # leak. It should make more sense to prevent any security issues
+            # by performing ACL check as early as possible.
             self.__check_update_acl(self.__zname, self.__zclass)
             self.__check_update_acl(self.__zname, self.__zclass)
             self._create_diff()
             self._create_diff()
             prereq_result = self.__check_prerequisites()
             prereq_result = self.__check_prerequisites()
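
Review bot: In the new comment above `self.__check_update_acl(...)`, the sentence "It's now generally considered to be a bad idea" has no clear antecedent and can be read as saying that checking the ACL before prerequisites is the bad idea, which is the opposite of the intent. Name the subject explicitly, for example "Following the RFC's order (prerequisites first) is now generally considered a bad idea, since it can leak information to clients that are not allowed to update the zone." Two smaller points: "as early as possible" overstates the case, because `self._get_update_zone()` still runs before the ACL check, so "before any prerequisite is evaluated" would match the code; and "by performing ACL check" should read "by performing the ACL check". The removed note that other implementations do the same was useful context for a deliberate deviation from RFC 2136 and could be kept.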