[Date Prev][Date Next] [Chronological] [Thread] [Top]

escaping strings in DN

To: openldap-software@OpenLDAP.org
Subject: escaping strings in DN
From: Erik Thiele <erik@thiele-hydraulik.de>
Date: Thu, 22 May 2003 07:51:30 +0200
Organization: Thiele-Hydraulik

hi

i just started typing this code:

ldap_simple_bind_s ("uid="+victim+",ou=People,dc=mine", pass);

(it is C, the + is just for simplification)

i think this is a security problem, as the user can type the "victim" in
an edit field. for example he can do:

victim="paul,foo=bar,i=you,he=she"

and creates effects not intended by the programmer.

i don't find a

ldap_escape_string

function. how do i escape the strings?

cu & thx
Erik

-- 
Erik Thiele

Follow-Ups:
- Re: escaping strings in DN
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: AUTH with something else than username
Next by Date: Re: LDAP Queries
Index(es):
- Chronological
- Thread