ldap_bind Injection

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
XeonSX
Forum Newbie
Posts: 1
Joined: Mon Sep 27, 2010 5:25 am

ldap_bind Injection

Post by XeonSX »

Hi,

Does anyone know if password characters need to be escaped before passing it to this function?
How to avoid injection or is it not possible with this ldap_bind?

Thanks
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: ldap_bind Injection

Post by pickle »

No, you pass them in plain text. If you're worried about security, connect to your LDAP server using ldaps://
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Post Reply