Michael Ströder wrote:
> mete bilgin wrote:
>
>> I'm developing a web-based LDAP GUI with Python (with python-ldap).
>> And I miss something about security. How can I block LDAP injection?
>
> Could you please elaborate on what you mean with "ldap injection"?

I guess what he means is something like this:

Imagine the following filter:

    (&(objectClass=inetOrgPerson)(uid=$input))

where $input comes from a web form, or similar. If $input==')' you get

    (&(objectClass=inetOrgPerson)(uid=)))

which is invalid. So some form of input validation must be used.

Please correct me if I'm wrong.

Best regards,
burak

_______________________________________________
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
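
Added example, not part of the original thread and not python-ldap's own code: the filter from the message above, built once by raw substitution and once with the value escaped per RFC 4515. The function names and the sample inputs are constructed for illustration.

```python
# Added example: escape user input before placing it in an LDAP search filter.
# Escaping rules follow RFC 4515; all function names here are hypothetical.

FILTER_TEMPLATE = "(&(objectClass=inetOrgPerson)(uid=%s))"  # filter from the thread

# RFC 4515: these characters are written as a backslash plus two hex digits.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Return value with LDAP filter metacharacters escaped."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def naive_filter(user_input: str) -> str:
    """The unsafe pattern from the thread: raw substitution."""
    return FILTER_TEMPLATE % user_input


def safe_filter(user_input: str) -> str:
    """Same template, but the value is escaped first."""
    return FILTER_TEMPLATE % escape_filter_value(user_input)


def parens_balanced(filter_str: str) -> bool:
    """Structural check: unescaped parentheses must nest correctly."""
    depth = 0
    i = 0
    while i < len(filter_str):
        ch = filter_str[i]
        if ch == "\\":
            i += 3  # skip the backslash and its two hex digits
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
        i += 1
    return depth == 0


if __name__ == "__main__":
    for sample in [")", "jdoe", "Smith (ops)*"]:  # constructed inputs
        for build in (naive_filter, safe_filter):
            result = build(sample)
            print(build.__name__, repr(sample), result, parens_balanced(result))
```

With python-ldap itself, ldap.filter.escape_filter_chars() and ldap.filter.filter_format() perform this escaping, so application code does not need its own table.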