ldap_bind Injection

Posted: Mon Sep 27, 2010 5:29 am
by XeonSX
Hi,

Does anyone know if password characters need to be escaped before passing them to this function?
How do I avoid injection, or is it not possible with ldap_bind?

Thanks

Re: ldap_bind Injection

Posted: Mon Sep 27, 2010 10:11 am
by pickle
No, you pass them in plain text. If you're worried about security, connect to your LDAP server using ldaps://
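
The following is an added example, not part of the thread or any poster's code: a bind check that passes the password unmodified over ldaps://, as the reply describes. It assumes the PHP ldap extension; the host, base DN and function name are hypothetical, and it goes slightly beyond the reply by escaping the username that goes into the DN and rejecting empty passwords.

```php
<?php
// Added example. LDAP_URI, USER_BASE_DN and ldap_authenticate() are
// hypothetical names chosen for illustration.
const LDAP_URI     = 'ldaps://ldap.example.org';   // TLS-wrapped connection
const USER_BASE_DN = 'ou=people,dc=example,dc=org';

function ldap_authenticate(string $username, string $password): bool
{
    // A bind with a DN and an empty password is treated by the server as an
    // unauthenticated bind, which can succeed, so reject it before binding.
    if ($username === '' || $password === '') {
        return false;
    }

    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

    // The username becomes part of a DN, so DN metacharacters are escaped.
    // ldap_escape() requires PHP 5.6 or later.
    $dn = 'uid=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . USER_BASE_DN;

    // The password is sent as an opaque credential value. It is not parsed
    // as a DN or a search filter, so it is passed exactly as entered.
    $ok = @ldap_bind($conn, $dn, $password);

    ldap_unbind($conn);
    return $ok;
}
```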