Check if LDAP Injection would be an issue in Glim

Question

Check if LDAP Injection would be an issue in Glim

Closed this issue 2 years ago · 2 comments

As @westurner suggests in #60, I'll check if LDAP Injection would affect Glim as I use Gorm for SQL operations (which would protect against SQL Injection)

Useful reference:

https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html

Answer 1 · 2022-09-28T18:10:01.000Z

Wrong PR (typo), keeping open

Answer 2 · 2022-10-19T02:33:37.000Z

As long as Glim gets LDAP statements user inputs and converts them into SQL queries managed by Gorm, this security issue should not affect Glim when serving LDAP requests. Will re-open if Glim LDAP support changes.