Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Directory limits
From: Kevin Halgren <kevin.halgren () WASHBURN EDU>
Date: Fri, 16 Nov 2012 16:25:05 -0600

Presuming e-mail addresses can be looked up using your directory, the main reason I can think of is simply to increase the work-factor for spammers hitting your directory to gather e-mail addresses. I'm sure 20 is a rather arbitrary number. I suppose it usually is enough for someone to find who they're looking for but to limit the number of results exposed.

Here you can look up the list of all faculty and staff, though we only deliver 25 results per page. If a bot wants to hit all the entries in our directory to harvest addresses, it just has hit "next" repeatedly until it reaches the end. We don't publish student information in the directory, though are people arguing both sides of that issue so goodness knows if we will in the future.

Kevin

On 11/16/2012 3:45 PM, Roger A Safian wrote:
We have a limit the number of returns when looking up entries in our directory of twenty.  We've had this limit, or 
something like it in place since we discovered fire.  I always thought this was fairly typical.  Recently we have been asked to 
justify that choice.  As part of that, I'm wondering now, what do others do.  Is this pretty common?

Attachment: kevin_halgren.vcf
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]