Talk:Preventing LDAP Injection in Java

From OWASP
Revision as of 06:23, 11 September 2006 by Stephendv (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Question - would it be better to encode using a whitelist approach? I.e. encode everything that is not in a limited set of safe characters? Jeff Williams - 11:54, 14 August 2006 (EDT)

My only concern with that approach is that we'll be breaking the spec- some LDAP implementations may not handle escaped characters that are not meta-characters properly. Stephendv 07:23, 11 September 2006 (EDT)