[jcifs] browsing a smaller network using netserverenum2
Michael B Allen
mba2000 at ioplex.com
Fri Feb 11 03:34:20 GMT 2005
Michael B Allen said:
> isLoggedInAsGuest now works with NULL creds (for Samba).
On second thought I'm going to nix this change. It's a *little* bit of a
security issue for us. If someone uses "guest" that's fine because that is
an account that must be enabled and active in the target domain / machine.
But "null" credentials do not refer to a real principal. It cannot be
disabled. So someone might be able to make an NTLM HTTP request that uses
"null" credentials and be successful. That would be a problem for the
filter at least.
Mike
More information about the jcifs
mailing list