The last time doRFC2254Encoding was used was just before Jetty 6.1.9 ...

https://github.com/jetty-project/codehaus-jetty6/blob/jetty-6.1.9/modules/plus/src/main/java/org/mortbay/jetty/plus/jaas/spi/LdapLoginModule.java#L327

as part of the getUserRoles() method, to sanitize the raw LDAP filter
declaration.

Since Jetty 7.x, doRFC2254Encoding is no longer needed, as we let the
LDAP implementation do the sanitization/filtering via the DirContext.search()
method now.

https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/LdapLoginModule.java#L356-L358

Joakim Erdfelt / [email protected]

On Wed, Dec 28, 2016 at 10:07 AM, Samuel Martinucci <
[email protected]> wrote:

> Hi,
>
> I am trying to protect my application from LDAP injections and I've found
> this method, which is not in use anywhere. I'd like to know what this is for
> and how to use it. Apparently this is what I need to apply to my LDAP
> queries.
>
> org.eclipse.jetty.jaas.spi.LdapLoginModule.doRFC2254Encoding
>
> _______________________________________________
> jetty-users mailing list
> [email protected]
> To change your delivery options, retrieve your password, or unsubscribe
> from this list, visit
> https://dev.eclipse.org/mailman/listinfo/jetty-users
>
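
The two approaches discussed in this thread, side by side, as an added example that is not Jetty's code or part of the original messages: manual RFC 2254 escaping of a filter value, and passing the value as a filter argument to DirContext.search() so the JNDI provider encodes it. The class name, method names, filter attributes and sample input are assumptions made for illustration.

```java
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapFilterExample {

    // Manual escaping of a filter assertion value per RFC 2254 section 4:
    // the characters * ( ) \ and NUL become a backslash plus two hex digits.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Parameterized search: the value is never concatenated into the filter.
    // JNDI substitutes {0} with the encoded form of filterArgs[0].
    // The object class and attribute names here are hypothetical.
    static NamingEnumeration<SearchResult> findRoles(DirContext ctx, String baseDn, String userDn)
            throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        String filter = "(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))";
        return ctx.search(baseDn, filter, new Object[] { userDn }, controls);
    }

    public static void main(String[] args) {
        // Constructed input containing filter metacharacters.
        String input = "jdoe)(uid=*";
        // Raw concatenation: the input alters the structure of the filter.
        System.out.println("(uid=" + input + ")");
        // Escaped: the input remains one literal value, (uid=jdoe\29\28uid=\2a)
        System.out.println("(uid=" + escapeFilterValue(input) + ")");
    }
}
```

Only main() runs without a directory server; findRoles() needs a live DirContext and is shown for the call shape.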