Newsgroups: php.internals
From: gmblar@gmail.com (Andreas Treichel)
To: internals@lists.php.net
Date: Tue, 4 Jul 2017 10:19:46 +0200
Subject: Re: [PHP-DEV] Re: [RFC] LDAP EXOP

Hello,

>> One thing though that I thought about: Chapter 4 of RFC 3062 explicitly
>> states that this function should only be available with confidentiality
>> support like TLS. So perhaps we should check whether the data will be
>> transferred via a secure connection and - if not - raise an error?
> Hum I get the idea but is that really our place? I mean the API won’t prevent you from storing password without hashing for instance.
> And people can use ldap_modify to change the password without TLS, which is equally dangerous IMO.
> For me it should be possible, and useful at least for tests.

Preferring TLS is good, but is TLS also required on internal networks (e.g. Docker)?