Difference between revisions of "Talk:Preventing LDAP Injection in Java"

From OWASP
Jump to: navigation, search
 
Line 1: Line 1:
 
Question - would it be better to encode using a whitelist approach?  I.e. encode everything that is not in a limited set of safe characters? Jeff Williams - 11:54, 14 August 2006 (EDT)  
 
Question - would it be better to encode using a whitelist approach?  I.e. encode everything that is not in a limited set of safe characters? Jeff Williams - 11:54, 14 August 2006 (EDT)  
 
+
:My only concern with that approach is that we'll be breaking the spec- some LDAP implementations may not handle escaped characters that are not meta-characters properly.  [[User:Stephendv|Stephendv]] 07:23, 11 September 2006 (EDT)
My only concern with that approach is that we'll be breaking the spec- some LDAP implementations may not handle escaped characters that are not meta-characters properly.  [[User:Stephendv|Stephendv]] 07:23, 11 September 2006 (EDT)
+

Revision as of 06:30, 11 September 2006

Question - would it be better to encode using a whitelist approach? I.e. encode everything that is not in a limited set of safe characters? Jeff Williams - 11:54, 14 August 2006 (EDT)

My only concern with that approach is that we'll be breaking the spec- some LDAP implementations may not handle escaped characters that are not meta-characters properly. Stephendv 07:23, 11 September 2006 (EDT)