  • LDAP Injection (OWASP Top 10)

    We are creating a document with our security guidelines, based on the OWASP Top 10. Our application is using Grails and the spring-security-ldap plugin for authenticating against an LDAP server. However, we need to document that LDAP Injection is prevented by using this plugin.

    I've found some information in another thread about using the DistinguishedName and Filter classes to prevent this, but wanted to see something more official.

    Is there some place in the documentation and/or code that shows the username being properly escaped when authenticating against an LDAP server?

    Thanks so much
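
Added example (not part of the original post and not the plugin's own code): a plain-JDK check that a username is escaped per RFC 4515 before it is substituted into a search filter, the kind of evidence a guideline document can cite. The filter template `(uid={0})`, the class and method names, and the sample usernames are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;

public class LdapFilterEscapeCheck {

    // Assumed filter template; substitute the one configured for your directory.
    static final String FILTER_TEMPLATE = "(uid={0})";

    // RFC 4515 section 3: '*', '(', ')', '\' and NUL must be written as \XX
    // (two hex digits) inside an assertion value. Non-ASCII bytes are escaped
    // as well, which the RFC permits for any octet.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xff;
            if (c == '*' || c == '(' || c == ')' || c == '\\' || c == 0 || c >= 0x80) {
                out.append(String.format("\\%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    // Spring LDAP ships LdapEncoder.filterEncode for the same purpose; this
    // stand-alone version keeps the check free of dependencies.
    static String buildFilter(String username) {
        return MessageFormat.format(FILTER_TEMPLATE, escapeFilterValue(username));
    }

    static long count(String s, char ch) {
        return s.chars().filter(c -> c == ch).count();
    }

    public static void main(String[] args) {
        // Constructed sample usernames: one ordinary, two that need escaping.
        String[] samples = { "jsmith", "a*(b)\\c", "m\u00fcller" };
        for (String u : samples) {
            String filter = buildFilter(u);
            // The username must not add parentheses or wildcards to the filter.
            boolean intact = count(filter, '(') == count(FILTER_TEMPLATE, '(')
                    && count(filter, ')') == count(FILTER_TEMPLATE, ')')
                    && count(filter, '*') == count(FILTER_TEMPLATE, '*');
            System.out.println(filter + "  structure intact: " + intact);
            if (!intact) throw new AssertionError("filter structure changed for: " + u);
        }
    }
}
```

The same structural assertion can be pointed at the filter string your application actually sends to the directory, for example by capturing it in an integration test.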