[Date Prev][Date Next] [Chronological] [Thread] [Top]

escaping strings in DN



hi

i just started typing this code:

ldap_simple_bind_s ("uid="+victim+",ou=People,dc=mine", pass);

(it is C, the + is just for simplification)

i think this is a security problem, as the user can type the "victim" in
an edit field. for example he can do:

victim="paul,foo=bar,i=you,he=she"

and creates effects not intended by the programmer.

i don't find a

ldap_escape_string

function. how do i escape the strings?

cu & thx
Erik

-- 
Erik Thiele