How can LDAP injection be blocked?

2009-04-28 Thread mete bilgin
Hi all, I'm developing a web-based LDAP GUI with Python (with python-ldap), and I am missing something about security. How can I block LDAP injection? Thanks all. Good days.

PS: http://freshmeat.net/projects/pyldapadmin - pyldapadmin

Re: How can LDAP injection be blocked?

2009-04-28 Thread Michael Ströder
mete bilgin wrote:
> I'm developing a web-based ldap gui with python ( with python-ldap ).
> And i miss something about security. How can i blocked ldap injection?

Could you please elaborate on what you mean with "ldap injection"? Most security issues with attacking the connection can be cured wi

Re: How can LDAP injection be blocked?

2009-04-28 Thread Burak Arslan
Michael Ströder wrote:
> mete bilgin wrote:
>> I'm developing a web-based ldap gui with python ( with python-ldap ).
>> And i miss something about security. How can i blocked ldap injection?
>
> Could you please elaborate on what you mean with "ldap injection"?

i guess what h

Re: How can LDAP injection be blocked?

2009-04-28 Thread mete
> i guess what he means is something like this: imagine the following filter:
>
> (&(objectClass=inetOrgPerson)(uid=$input))
>
> where $input comes from a web form, or similar. if $input==')' you get
>
> (&(objectClass=inetOrgPerson)(uid=)))
>
> which is invalid.
>
> so some form of input valida

Re: How can LDAP injection be blocked?

2009-04-28 Thread Yancey Yeargan
I believe he is asking how to defend against potential web-based LDAP filter injection attacks (similar to SQL injection attacks), or generally how to validate user input. I think there are better forums elsewhere (OpenLDAP perhaps) for asking this question. There is a potential for abuse

Re: How can LDAP injection be blocked?

2009-04-28 Thread Michael Ströder
Yancey Yeargan wrote:
>
> I believe he is asking how to defend against potential web-based LDAP
> filter injection attacks (similar to SQL injection attacks),

Ah ok. To prevent someone from passing in special filter chars, these have to be escaped before the user's input is used as (partial) value in t
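As an added example (not code from this thread or from pyldapadmin), the escaping Michael describes, applied to the filter from Burak's message. It is written in plain Python so it runs without python-ldap installed; the escaping table mirrors what python-ldap's `ldap.filter.escape_filter_chars` and `ldap.filter.filter_format` do for RFC 4515 assertion values. The function names, the unescaped "before" builder kept for comparison, and the parenthesis sanity check are this example's own assumptions.

```python
"""Escape untrusted values before placing them in an LDAP search filter.

Standalone re-implementation of the RFC 4515 assertion-value escaping that
python-ldap offers as ldap.filter.escape_filter_chars / filter_format.
Written without the library so the example runs offline (assumption: in a
real application you would call python-ldap's functions instead).
"""

# RFC 4515 section 3: these characters must appear as \XX (two hex digits)
# inside an assertion value. NUL is included as python-ldap does.
_ESCAPES = {
    "\\": r"\5c",   # the escape character itself
    "*": r"\2a",    # wildcard
    "(": r"\28",    # filter grouping
    ")": r"\29",
    "\x00": r"\00",
}

# The filter template from the thread, with %s standing for the user value.
UID_FILTER_TEMPLATE = "(&(objectClass=inetOrgPerson)(uid=%s))"


def escape_filter_value(value: str) -> str:
    """Return `value` with filter metacharacters hex-escaped per RFC 4515.

    Each character is mapped independently, so a backslash is escaped exactly
    once and never re-escaped.
    """
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_uid_filter(uid: str) -> str:
    """Safe construction: the user value is escaped before substitution."""
    return UID_FILTER_TEMPLATE % escape_filter_value(uid)


def build_uid_filter_unescaped(uid: str) -> str:
    """The vulnerable construction from the thread, kept only for comparison."""
    return UID_FILTER_TEMPLATE % uid


def parens_balanced(flt: str) -> bool:
    """Cheap defensive check: every unescaped '(' has a matching ')'.

    Escape sequences (\\XX) are skipped so escaped parentheses do not count.
    This does not replace escaping; it only catches a malformed filter early.
    """
    depth = 0
    i = 0
    while i < len(flt):
        ch = flt[i]
        if ch == "\\":
            i += 3          # skip backslash plus two hex digits
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:   # a ')' closed more than was opened
                return False
        i += 1
    return depth == 0


if __name__ == "__main__":
    # Constructed sample inputs: the ')' case from the thread and a wildcard.
    for sample in [")", "*", "alice"]:
        unsafe = build_uid_filter_unescaped(sample)
        safe = build_uid_filter(sample)
        print(f"input {sample!r}")
        print(f"  unescaped: {unsafe}  balanced={parens_balanced(unsafe)}")
        print(f"  escaped:   {safe}  balanced={parens_balanced(safe)}")
```

With input `)` the unescaped form is the invalid `(&(objectClass=inetOrgPerson)(uid=)))` shown in the thread, while the escaped form yields `(uid=\29)`, a literal search for a uid containing a closing parenthesis. A lone `*` unescaped becomes the wildcard `(uid=*)`; escaped, it matches only the literal asterisk. Escaping is the fix; the balance check is just an extra tripwire to reject a filter that was assembled without it.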