Re: Storing Photos in Active Directory - jpegPhoto attribute - User class

From: Net Coder (netcoder77-msnews_at_yahoo.com)
Date: 07/24/04

Next message: Net Coder: "Secure Scheduling of Remote Tasks"
Previous message: Jared: "Re: find string if not preceded with @ anywhere in the string"
In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Storing Photos in Active Directory - jpegPhoto attribute - User class"
Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: Storing Photos in Active Directory - jpegPhoto attribute - User class"
Reply: Joe Kaplan \(MVP - ADSI\): "Re: Storing Photos in Active Directory - jpegPhoto attribute - User class"
Messages sorted by: [ date ] [ thread ]

Date: Sun, 25 Jul 2004 04:24:50 +1000

Joe Kaplan (MVP - ADSI) wrote:
> On the activedir.org mailing list, there was a discussion about this a few
> months ago. Depending on the size of the objects, this may or may not be a
> problem with replication. That tends to be very sensitive to your actual
> deployment and how often they change (probably not very often I assume).
> You might want to add them to the directory slowly if you are worried and
> try to keep the sizes down.
> However, one thing to consider is that by default, users have rights to
> modify this property directly with their own account AND the attribute has
> no max size. As such, it could be used maliciously by some users as a DoS
> attack on your DC if they decided to upload their swap file or something
> similarly large. You might want to think carefully about allowing users
> rights to modify this attribute directly.

Hmm. The object does not have maximum or minimum size set but the ACL
on a W2K3 AD server in native mode doesn't seem to allow SELF write to
the jpegPhoto attribute/property, or am I missing something?

Next message: Net Coder: "Secure Scheduling of Remote Tasks"
Previous message: Jared: "Re: find string if not preceded with @ anywhere in the string"
In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Storing Photos in Active Directory - jpegPhoto attribute - User class"
Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: Storing Photos in Active Directory - jpegPhoto attribute - User class"
Reply: Joe Kaplan \(MVP - ADSI\): "Re: Storing Photos in Active Directory - jpegPhoto attribute - User class"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Storing Photos in Active Directory - jpegPhoto attribute - User class
... Joe Kaplan (MVP - ADSI) wrote: ... Depending on the size of the objects, this may or may not be a ... > rights to modify this attribute directly. ...
(microsoft.public.dotnet.languages.vb)
Re: How to give Receptionist Permissions.
... > When you attributes do you mean directly in ADSI? ... To modify the rights on specific attributes you can use e.g. ... Prev by Date: ...
(microsoft.public.windows.server.active_directory)
Re: Re: they are ranging such as the suburb now, wont urge blades later
... modify them? ... Where did Zebediah top the review to the inclined ... fit might send some inappropriate pans. ... emphasizing in conjunction with cautious, minus wrong, depending on ...
(sci.crypt)
Re: User rights.
... > all permissions and rights granted to any and all groups ... >From this I think I can infer that I am a member of both the administrator ... group as well as the user group and as such denying delete rights to the ... Keep in mind that modify includes delete. ...
(microsoft.public.windowsxp.security_admin)
Re: Modify default replication wait period in ADAM
... This posting is provided "AS IS" with no warranties, and confers no rights ... > Use of included script samples are subject to the terms specified at ... >> I am trying to find out how to modify the default amount of time an ADAM ... > instance waits to push a directory change to a member of a replica set. ...
(microsoft.public.windows.server.active_directory)