From: Burak A. <bu...@ar...> - 2009-04-28 13:11:01
Michael Ströder wrote:
> mete bilgin wrote:
>
>> I'm developing a web-based ldap gui with python ( with python-ldap ).
>> And I miss something about security. How can I block ldap injection?
>>
>
> Could you please elaborate on what you mean with "ldap injection"?
>
>

I guess what he means is something like this:
imagine the following filter:

    (&(objectClass=inetOrgPerson)(uid=$input))

where $input comes from a web form, or similar.
If $input==')' you get

    (&(objectClass=inetOrgPerson)(uid=)))

which is invalid. So some form of input validation must be used.

Please correct me if I'm wrong.

Best regards,
burak
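
The filter from the message above, built once by plain substitution and once with RFC 4515 escaping plus an allow-list check. This is an added example, not part of the original post. python-ldap ships `ldap.filter.escape_filter_chars` for the same escaping; the helper names and the uid pattern below are assumptions chosen for illustration.

```python
import re

# RFC 4515 section 3: inside an assertion value these characters must be
# written as a backslash followed by their two-digit hex code.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Assumed uid policy for this example: adjust to the directory's real rules.
UID_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def escape_filter_value(value):
    """Escape a string so it can only ever be read as a filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def naive_uid_filter(user_input):
    """The pattern from the message: raw substitution of $input."""
    return "(&(objectClass=inetOrgPerson)(uid=%s))" % user_input


def build_uid_filter(user_input, strict=True):
    """Validate against the allow-list, then escape before substitution."""
    if strict and not UID_RE.fullmatch(user_input):
        raise ValueError("uid contains characters outside the allowed set")
    return "(&(objectClass=inetOrgPerson)(uid=%s))" % escape_filter_value(user_input)


def is_balanced(filter_str):
    """Literal parentheses are structural in a filter, so they must nest."""
    depth = 0
    for ch in filter_str:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


if __name__ == "__main__":
    for sample in [")", "jdoe"]:  # constructed inputs
        print(repr(sample), "naive:  ", naive_uid_filter(sample),
              is_balanced(naive_uid_filter(sample)))
        print(repr(sample), "escaped:", build_uid_filter(sample, strict=False),
              is_balanced(build_uid_filter(sample, strict=False)))
```

Escaping alone keeps the filter well-formed for any input; the allow-list is the stricter option when the attribute has a known character set.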