Symfony LDAP - Data Safety? #6795
Labels
hasPR
A Pull Request has already been submitted for this issue.
Comments
|
I just found #5756, so I'll follow along in there. |
|
Hi @micheal. I'll continue this discussion here instead, as this topic is much more specific than the general Ldap component's documentation. As of now, the LDAP component does not provide any security features, and it falls back on the developer to provide proper escaping. However, the |
|
Cheers. :) Well in that case, can the documentation be updated to reflect that? I'm happy to help write whatever. I'd just hate to see someone caught off-guard. |
|
Sure! By the way, if you also wish to contribute, feel free to submit a PR here! 😃 |
xabbuh
added a commit
that referenced
this issue
Mar 13, 2017
…viereguiluz) This PR was merged into the 2.8 branch. Discussion ---------- Added a caution note about the LDAP injection attacks After reading [this comment](#6795 (comment)) by @csarrazi I'm not sure which protection does the LDAP component offer and which one it doesn't ... so please, review this carefully. Thanks! Commits ------- dfc2867 Added a caution note about the LDAP injection attacks
|
Closing it as fixed by #7508. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Reading the LDAP section (http://symfony.com/doc/current/components/ldap.html), it is fairly limited in information.
As a user of the documentation as a whole, I want to know a few things that the Doctrine information does explain. For example:
The text was updated successfully, but these errors were encountered: