Thanks Joakim, now it makes total sense. 2016-12-28 16:10 GMT-02:00 Joakim Erdfelt <[email protected]>:
> The last time doRFC2254Encoding was used was just before Jetty 6.1.9 ... > > https://github.com/jetty-project/codehaus-jetty6/blob/ > jetty-6.1.9/modules/plus/src/main/java/org/mortbay/jetty/ > plus/jaas/spi/LdapLoginModule.java#L327 > > as part of the getUserRoles() method, to sanitize the raw ldap filter > declaration. > > Since Jetty 7.x that doRFC2254Encoding was no longer needed, as we let the > LDAP implementation do the sanitation/filtering via the DirContext.search() > method now. > > https://github.com/eclipse/jetty.project/blob/jetty-9.4. > x/jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/ > LdapLoginModule.java#L356-L358 > > Joakim Erdfelt / [email protected] > > On Wed, Dec 28, 2016 at 10:07 AM, Samuel Martinucci < > [email protected]> wrote: > >> Hi, >> >> I am trying to prevent my application from LDAP Injections and I've found >> this method which is not in use anywhere, I'd like to know what is this for >> and how to use it? Apparently this is what I need to apply to my LDAP >> Queries. >> >> org.eclipse.jetty.jaas.spi.LdapLoginModule.doRFC2254Encoding >> >> _______________________________________________ >> jetty-users mailing list >> [email protected] >> To change your delivery options, retrieve your password, or unsubscribe >> from this list, visit >> https://dev.eclipse.org/mailman/listinfo/jetty-users >> > > > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://dev.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
