8 Mar
2011
8 Mar
'11
1:30 p.m.
Can confirm this with openldap 2.4.24.
Using ldap search filters like this:
(cn=blabla' or '1'='1)
is at least causing my postgres to eat all CPU cycles it can get (LDAP data is based on complex view). I do not have write access enabled for that particular openLDAP installation, but I also assume that SQL Injection is possible. Beside being an obviuos malfunction, this should be considered a security issue.
atze