|
Educause Security Discussion
mailing list archives
Re: Directory limits
From: Kevin Halgren <kevin.halgren () WASHBURN EDU>
Date: Fri, 16 Nov 2012 16:25:05 -0600
Presuming e-mail addresses can be looked up using your directory, the
main reason I can think of is simply to increase the work-factor for
spammers hitting your directory to gather e-mail addresses. I'm sure 20
is a rather arbitrary number. I suppose it usually is enough for
someone to find who they're looking for but to limit the number of
results exposed.
Here you can look up the list of all faculty and staff, though we only
deliver 25 results per page. If a bot wants to hit all the entries in
our directory to harvest addresses, it just has hit "next" repeatedly
until it reaches the end. We don't publish student information in the
directory, though are people arguing both sides of that issue so
goodness knows if we will in the future.
Kevin
On 11/16/2012 3:45 PM, Roger A Safian wrote:
We have a limit the number of returns when looking up entries in our directory of twenty. We've had this limit, or
something like it in place since we discovered fire. I always thought this was fairly typical. Recently we have been asked to
justify that choice. As part of that, I'm wondering now, what do others do. Is this pretty common?
Attachment:
kevin_halgren.vcf
Description:
 By Date 
By Thread
Current thread:
|
