directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From satish gutta <sat.gu...@gmail.com>
Subject Re: Problems with preventing LDAP injection
Date Tue, 29 Sep 2009 18:37:12 GMT
Yes, (attributeName='\28G*').

Yes using Apaches DS 1.5.4

On Tue, Sep 29, 2009 at 12:16 PM, Emmanuel Lecharny <elecharny@apache.org>wrote:

> satish gutta wrote:
>
>> To prevent attacks we scan our LDAP queries for special characters and
>> replace them with respective unicode values,
>>
>> we use the following code
>>
>>
>>
> Is the filter you are processing the internal part if the filter ? (ie, if
> the LDAP filter is something like (at=<internal part>), with <internal part>
> being "(g*")
>
> Is it on ADS 1.5.4 ?
>
> --
> --
> cordialement, regards,
> Emmanuel L├ęcharny
> www.iktek.com
> directory.apache.org
>
>
>


-- 
Thanks&Regards
Satish.Gutta

Mime
View raw message