Yancey Yeargan wrote:
>
> I believe he is asking how to defend against potential web-based LDAP
> filter injection attacks (similar to SQL injection attacks),

Ah ok. To prevent someone from passing in special filter chars, these have to be
escaped before the user's input is used as (partial) value in the LDAP filter
string representation. One should use the functions in module ldap.filter for
that:

http://www.python-ldap.org/doc/html/ldap-filter.html

> or generally how to validate user input.

This depends on the application's context and could be handled in the web app
library.

Ciao, Michael.

_______________________________________________
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
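
The escaping described in the reply above, as an added example that is not part of the original message or of python-ldap itself. The filter template, the `naive_filter`/`safe_filter` names and the sample inputs are assumptions; the fallback branch is a hand-written RFC 4515 escape so the example also runs where python-ldap is not installed.

```python
# Added example: escape user input before it becomes part of an LDAP filter.
try:
    # python-ldap's helpers from the ldap.filter module referenced above.
    from ldap.filter import escape_filter_chars, filter_format
except ImportError:
    # Fallback (assumption: python-ldap not installed): the RFC 4515
    # escapes for the filter metacharacters, written out by hand.
    def escape_filter_chars(value):
        # Backslash first: it is the escape character itself.
        value = value.replace("\\", r"\5c")
        for ch, esc in (("*", r"\2a"), ("(", r"\28"),
                        (")", r"\29"), ("\x00", r"\00")):
            value = value.replace(ch, esc)
        return value

    def filter_format(template, values):
        return template % tuple(escape_filter_chars(v) for v in values)

# Hypothetical filter used by a web application to look up one account.
TEMPLATE = "(&(objectClass=person)(uid=%s))"


def naive_filter(uid):
    """Unsafe: the raw value can change the meaning of the filter."""
    return TEMPLATE % uid


def safe_filter(uid):
    """Safe: the value is escaped, so it is always matched literally."""
    return filter_format(TEMPLATE, [uid])


# Constructed sample form values: a plain uid, a wildcard, a name with
# parentheses (legitimate input that unbalances a naive filter), a backslash.
SAMPLES = ["jdoe", "*", "Smith (contractor)", "a\\b"]

if __name__ == "__main__":
    for value in SAMPLES:
        print("input: %r" % value)
        print("  naive: %s" % naive_filter(value))
        print("  safe : %s" % safe_filter(value))
```

With the naive version, `*` turns the equality test into a presence test that matches every entry, and the parenthesised name yields a filter that no longer parses as intended; the escaped version keeps both as literal values.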