Menu
▾
▴
Re: how can LDAP injection blocked?
|
From: mete <met...@gm...> - 2009-04-28 15:08:49
|
> > i guess what he means is something like this: imagine the following filter: > > (&(objectClass=inetOrgPerson)(uid=$input)) > > where $input comes from a web form, or similar. if $input==')' you get > > (&(objectClass=inetOrgPerson)(uid=))) > > which is invalid. > > so some form of input validation must be used. > > please correct me if i'm wrong > > best regards > burak It's have a login window. You can write your dn and password, after login you can search, list etc. But it's not to be too security. How can i stop them? Sorry for my english. It's not good at all. good day. |
