stackoom
  简体   繁体   中英

How can we handle line feed in LDAP filters?

 原文  2016-09-02 06:36:25       java/ ldap

Question

Whenever I use a filter as 

(&(initials=abc)(title=manager)

)

this filter includes a line feed.

Executing this filter string reports an unbalanced parenthesis LDAP error.

Can any one please help out with this, how to handle line feeds? Are filters with line feeds supported in LDAP? Is this an invalid filter or can it be handled, maybe using some escaping techinique?

1 answers

solution1
 1  2016-09-02 06:51:22

Are you accepting filters from user input and using that directly as input to LDAP queries? For security reasons, I would strongly advise against ever using unsanitized user input in this way, regardless of the target database. The correct approach would be to accept parameters from the user and then dynamically build filters using those parameters (note that you still need to take escaping rules into account to prevent possible injection attacks. This is why you should use a tool to build dynamnic filters, eg the filter support included in Spring LDAP).

That said, this particular problem should be pretty easy to solve: just do a String.replace for the characters you want to remove from the filter before using it.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can we handle the ConnectException? How to handle LDAP connection? how Filters handle Session how can we handle concurrent transactions in hibernate How to handle exceptions thrown in Filters? Can we connect to LDAP using hibernate How can we read the previous line in console? Can we confgure filters only for a subset of servlets How can we integrate LDAP (Lightweight Directory Access Protocol) in our android application? How can we handle Exception on an Async webservice call?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM