* Howard Chu:
Look at the volume of messages on this list related to ACLs - clearly,
most OpenLDAP admins are both conscious of and conscientious about
using effective ACLs.
I think the concern here is access control mechanisms fed from LDAP,
not access to the LDAP database itself.
Quite a
devzero2000 wrote:
On Fri, Oct 11, 2013 at 8:33 PM, Howard Chu h...@symas.com wrote:
A paper and presentation making the rounds, claiming to show how webapps
using LDAP are vulnerable to search filter spoofing attacks.
http://www.youtube.com/watch?v=wtahzm_R8e4
Michael Ströder wrote:
Howard Chu wrote:
A paper and presentation making the rounds, claiming to show how webapps using
LDAP are vulnerable to search filter spoofing attacks.
http://www.youtube.com/watch?v=wtahzm_R8e4
Howard Chu wrote:
Look at the volume of messages on this list related to ACLs - clearly, most
OpenLDAP admins are both conscious of and conscientious about using effective
ACLs.
But unfortunately the majority of web app deployments with some sort of LDAP
server as backend use a *single* quite
Howard Chu wrote:
I suppose in a poorly designed app this is possible.
I think that's what the paper is about: There are indeed many poorly designed apps
out there.
Reading access control
data from wrong LDAP entries is also wrong design. There is no reason for an
app to ever read access control
On Sat, Oct 12, 2013 at 12:34 PM, Howard Chu h...@symas.com wrote:
devzero2000 wrote:
On Fri, Oct 11, 2013 at 8:33 PM, Howard Chu h...@symas.com wrote:
A paper and presentation making the rounds, claiming to show how webapps
using LDAP are vulnerable to search filter spoofing attacks.
Michael Ströder wrote:
Howard Chu wrote:
A paper and presentation making the rounds, claiming to show how webapps using
LDAP are vulnerable to search filter spoofing attacks.
http://www.youtube.com/watch?v=wtahzm_R8e4
A paper and presentation making the rounds, claiming to show how webapps using
LDAP are vulnerable to search filter spoofing attacks.
http://www.youtube.com/watch?v=wtahzm_R8e4
http://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdf
Can't
Howard Chu wrote:
A paper and presentation making the rounds, claiming to show how webapps using
LDAP are vulnerable to search filter spoofing attacks.
http://www.youtube.com/watch?v=wtahzm_R8e4
On Fri, Oct 11, 2013 at 8:33 PM, Howard Chu h...@symas.com wrote:
A paper and presentation making the rounds, claiming to show how webapps
using LDAP are vulnerable to search filter spoofing attacks.
http://www.youtube.com/watch?v=wtahzm_R8e4