  • A1 Injection


// Vulnerable example, kept as the counter-example: the "username" request
// parameter is concatenated into the bind DN without validation or escaping,
// so DN metacharacters in it become part of the DN's structure instead of
// staying inside the cn value.
String principal = "cn=" + getParameter("username") + ", ou=Users, o=example";
// The password is taken from the request as-is.
// NOTE(review): nothing here rejects a null or empty password; with "simple"
// authentication some directory servers treat a DN plus an empty password as
// an unauthenticated bind - confirm how the target server is configured.
String password = getParameter("password");
// Simple (DN + password) bind using the values built above.
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, principal);
env.put(Context.SECURITY_CREDENTIALS, password);
// Create the initial context
DirContext ctx = new InitialDirContext(env);


//Instead, implement code for LDAP as follows: 


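// Hardened variant of the bind: the user-supplied values are validated before
// they reach the directory, and the DN is built from an escaped RDN value.
// Each parameter is read once so the value that is checked is the value used.
String username = getParameter("username");
String password = getParameter("password");

// A missing or empty username cannot name an entry; fail like a bad login.
if (username == null || username.isEmpty()) {
    throw new javax.naming.AuthenticationException();
}
// If the username contains LDAP specials, stop now.
// NOTE(review): containsLDAPspecials is defined elsewhere - confirm that it
// covers the DN metacharacters and not only the search-filter ones.
if (containsLDAPspecials(username)) {
    throw new javax.naming.AuthenticationException();
}
// Reject an empty password: a simple bind that carries a DN but no password is
// an unauthenticated bind (RFC 4513, section 5.1.2). A server that accepts it
// would make the login appear to succeed without any credential check.
if (password == null || password.isEmpty()) {
    throw new javax.naming.AuthenticationException();
}

// Defence in depth: escape the value for use inside an RDN, so the DN stays
// well-formed even if the deny-list check above misses a character.
String principal = "cn=" + javax.naming.ldap.Rdn.escapeValue(username) + ", ou=Users, o=example";
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, principal);
env.put(Context.SECURITY_CREDENTIALS, password);
// Create the initial context; with these settings this performs the bind.
DirContext ctx = new InitialDirContext(env);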
