Commit dfc2867

Added a caution note about the LDAP injection attacks
1 parent 4a77589 commit dfc2867

1 file changed

+7
-0
lines changed

security/ldap.rst

Lines changed: 7 additions & 0 deletions
@@ -167,6 +167,13 @@ use the ``ldap`` user provider.
167167
),
168168
);
169169
170+
.. caution::
171+
172+
The Security component escapes values provided when binding against an LDAP
173+
server (likewise for the user provider). However, the LDAP component does
174+
not provide any other escaping, so it's your responsibility to prevent
175+
the LDAP injection attacks.
176+
170177
The ``ldap`` user provider supports many different configuration options:
171178

172179
service
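
Review bot: The closing sentence of the caution (new lines 174-175) makes preventing LDAP injection the reader's responsibility but does not say which values are left unescaped or how to escape them. Consider naming the uncovered cases, i.e. any user-supplied value handed to the LDAP component outside of binding and the user provider, and pointing to the escaping mechanism readers should apply before building a query or DN. Two wording points in the same block: "to prevent the LDAP injection attacks" reads better as "to prevent LDAP injection attacks", and the parenthetical "(likewise for the user provider)" on line 173 is ambiguous, so state explicitly what the user provider escapes.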
