Re: how can LDAP injection blocked?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

>
> i guess what he means is something like this: imagine the following filter:
>
> (&(objectClass=inetOrgPerson)(uid=$input))
>
> where $input comes from a web form, or similar. if $input==')' you get
>
> (&(objectClass=inetOrgPerson)(uid=)))
>
> which is invalid.
>
> so some form of input validation must be used.
>
> please correct me if i'm wrong
>
> best regards
> burak
It's have a login window. You can write your dn and password, after login you 
can search, list etc. But it's not to be too security. How can i stop them? 

Sorry for my english. It's not good at all. good day.