how can LDAP injection blocked?
burak at arskom.com.tr
Tue Apr 28 15:10:43 CEST 2009
Michael Ströder yazmış:
> mete bilgin wrote:
>> I'm developing a web-based ldap gui with python ( with python-ldap ).
>> And i miss something about security. How can i blocked ldap injection?
> Could you please elaborate on what you mean with "ldap injection"?
i guess what he means is something like this: imagine the following filter:
where $input comes from a web form, or similar. if $input==')' you get
which is invalid.
so some form of input validation must be used.
please correct me if i'm wrong
More information about the python-ldap