connector/ldap/ldap.go · 3705207f0190a7dc55b85a076b83b58d77fdafec · hdacloud / dex

1 year ago

Do not escape password for LDAP connectors (#3470) · 3705207f

With the change introduced in https://github.com/dexidp/dex/pull/3372

Dex declines passwords that contain special characters. Since password is not passed to any kind of filters, it is safe to pass a password as is. No LDAP query injections are possible.

This commit is a revert of password escaping.

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

Unverified

3705207f

History

Do not escape password for LDAP connectors (#3470)

Maksim Nabokikh authored 1 year ago

With the change introduced in https://github.com/dexidp/dex/pull/3372

Dex declines passwords that contain special characters. Since password is not passed to any kind of filters, it is safe to pass a password as is. No LDAP query injections are possible.

This commit is a revert of password escaping.

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

Code owners

Assign users and groups as approvers for specific file changes. Learn more.