Practical Spring LDAP: Enterprise Java LDAP Development Made Easy by Balaji Varanasi
Author:Balaji Varanasi [Varanasi, Balaji]
Language: eng
Format: epub, pdf
Tags: Computers & Technology, Networking, Networks; Protocols & APIs, Ldap, Programming, Languages & Tools, Java, Beginner's Guides, Software Design; Testing & Engineering, Software Development, Education & Reference, Computer Science, Programming Languages
ISBN: 9781430263975
Amazon: 1430263970
Publisher: Apress
Published: 2013-10-30T04:00:00+00:00
LDAP INJECTION
LDAP injection is a technique where an attacker alters an LDAP query to run arbitrary LDAP statements against the directory server. LDAP injection can result in unauthorized data access or modifications to the LDAP tree. Applications that don’t perform proper input validation or sanitize their input are prone to LDAP injection. This technique is similar to the popular SQL injection attack used against databases.
To better understand LDAP injection, consider a web application that uses LDAP for authentication. Such an application usually provides a login page where the user enters a user name and password. To verify that the two match, the application then constructs an LDAP search filter that looks more or less like this:
(&(uid=USER_INPUT_UID)(password=USER_INPUT_PWD))
Let’s assume that the application simply trusts the user input and doesn’t perform any validation. Now if you enter the text jdoe)(&))( as the user name and any random text as password, the resulting search query filter would look like this:
(&(uid=jdoe)(&))((password=randomstr))
Directory servers such as OpenLDAP evaluate only the first complete filter in the string and silently ignore the trailing text, so the filter that actually runs is (&(uid=jdoe)(&)). An AND with no operands, (&), is always true, which means the filter matches whenever jdoe is a valid user id in LDAP, regardless of the entered password. This LDAP injection would allow an attacker to bypass authentication and get into the application. Note that the trick depends on the server's filter parser being lenient: a strict RFC 4515 parser would reject the malformed string, but the unescaped parentheses still let the attacker rewrite the filter's logic in other ways. The “LDAP Injection & Blind LDAP Injection” article available at www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdf discusses various LDAP injection techniques in great detail.
Preventing LDAP injection, like preventing any other injection technique, begins with proper input validation. Beyond that, every user-supplied value must be escaped according to RFC 4515 before it is placed in a search filter, so that the characters \, *, (, ) and NUL are encoded as \5c, \2a, \28, \29 and \00 and can no longer change the structure of the filter. In Spring LDAP this is what LdapEncoder.filterEncode and the filter classes (EqualsFilter, AndFilter and friends) do for you, so filters should be built with them rather than by string concatenation. Finally, checking the password by matching a password attribute in a search filter is itself a weak design; the directory should verify the password through a bind on the user's entry, which is what LdapTemplate's authenticate methods do.
