How can LDAP injection be blocked?

mete metebilgin48 at gmail.com
Tue Apr 28 17:08:04 CEST 2009


>
> i guess what he means is something like this: imagine the following filter:
>
> (&(objectClass=inetOrgPerson)(uid=$input))
>
> where $input comes from a web form, or similar. if $input==')' you get
>
> (&(objectClass=inetOrgPerson)(uid=)))
>
> which is invalid.
>
> so some form of input validation must be used.
>
> please correct me if i'm wrong
>
> best regards
> burak
It has a login window. You can enter your DN and password; after login you 
can search, list, etc. But it's not too secure. How can I stop them? 

Sorry for my English. It's not good at all. Good day.
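The filter quoted above, built with and without escaping, as an added example that is not part of the original thread. It escapes the characters RFC 4515 reserves in filter values in plain Python so it runs without any library; python-ldap itself provides `ldap.filter.escape_filter_chars()` and `ldap.filter.filter_format()` for the same job. The function names and sample inputs here are constructed for illustration.

```python
# Added example: escape user input before placing it in an LDAP search filter.
# Function names and sample inputs are constructed for illustration.

# Characters RFC 4515 requires to be escaped inside a filter value,
# each replaced by a backslash and its two-digit hex code.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value):
    """Escape one value; mapping per character avoids double-escaping '\\'."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def naive_uid_filter(user_input):
    """The pattern from the thread: input is pasted into the filter as-is."""
    return "(&(objectClass=inetOrgPerson)(uid=%s))" % user_input


def safe_uid_filter(user_input):
    """Same filter, but the input can only ever be a literal uid value."""
    return "(&(objectClass=inetOrgPerson)(uid=%s))" % escape_filter_value(user_input)


def is_balanced(filter_str):
    """Structural check: parentheses must pair up and never close too early."""
    depth = 0
    for ch in filter_str:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


if __name__ == "__main__":
    # Constructed inputs: the ')' case from the thread, a wildcard, a normal uid.
    for sample in [")", "*", "j.doe"]:
        print(repr(sample))
        print("  naive:", naive_uid_filter(sample), is_balanced(naive_uid_filter(sample)))
        print("  safe: ", safe_uid_filter(sample), is_balanced(safe_uid_filter(sample)))
```

Escaping only protects the filter string; what an authenticated user may search or list after login is decided by the directory server's access controls.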



