Difference between revisions of "Projects/OWASP Framework Security Project/Evaluations of LDAP Client APIs"
From OWASP
(→Overview) |
|||
| Line 22: | Line 22: | ||
<th>Score</th> | <th>Score</th> | ||
</tr> | </tr> | ||
| − | <tr><td>[http://directory.apache.org/api/user-guide/2-basic-ldap-api-usage.html Apache Directory LDAP API (java)]</td><td>?</td><td></td><td></td><td></td><td></td><td></td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td></tr> | + | <tr><td>[http://directory.apache.org/api/user-guide/2-basic-ldap-api-usage.html Apache Directory LDAP API (java)]</td> |
| − | <tr><td>[https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-tags/tags-j-l/cfldap.html ColdFusion 10 cfldap]</td><td>?</td><td></td><td></td><td></td><td></td><td></td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td></tr> | + | <td>?</td><td>NO</td><td></td><td></td><td></td><td></td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td> |
| − | <tr><td>[https://msdn.microsoft.com/en-us/library/System.DirectoryServices(v=vs.110).aspx .NET 4.5]</td><td>?</td><td></td><td></td><td></td><td></td><td></td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td></tr> | + | </tr> |
| − | <tr><td>[http://search.cpan.org/~marschap/perl-ldap/lib/Net/LDAP.pod Perl Net::LDAP]</td><td>?</td><td></td><td></td><td></td><td></td><td></td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td></tr> | + | <tr><td>[https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-tags/tags-j-l/cfldap.html ColdFusion 10 cfldap]</td> |
| − | <tr><td>[http://php.net/manual/en/ref.ldap.php PHP 5]</td><td>?</td><td></td><td></td><td></td><td></td><td></td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td></tr> | + | <td>?</td><td>NO (-2)</td><td></td><td></td><td></td><td></td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td> |
| − | <tr><td>[http://www.python-ldap.org/ python-ldap]</td | + | </tr> |
| − | + | <tr><td>[https://msdn.microsoft.com/en-us/library/System.DirectoryServices(v=vs.110).aspx .NET 4.5]</td> | |
| − | + | <td>?</td><td>NO</td><td></td><td></td><td></td><td></td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td> | |
| + | </tr> | ||
| + | <tr><td>[http://search.cpan.org/~marschap/perl-ldap/lib/Net/LDAP.pod Perl Net::LDAP]</td> | ||
| + | <td>?</td><td>YES</td><td></td><td></td><td></td><td></td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td> | ||
| + | </tr> | ||
| + | <tr><td>[http://php.net/manual/en/ref.ldap.php PHP 5]</td> | ||
| + | <td>?</td><td>NO (-1)</td><td></td><td></td><td></td><td></td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td> | ||
| + | </tr> | ||
| + | <tr><td>[http://www.python-ldap.org/ python-ldap]</td> | ||
| + | <td>?</td><td>YES</td><td></td><td></td><td></td><td></td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td> | ||
| + | </tr> | ||
</table> | </table> | ||
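Review bot: the new rows fill in the "Documents the Security Risks of LDAP Filter Injection" column with `NO (-2)` for ColdFusion 10 cfldap and `NO (-1)` for PHP 5, but nothing in the hunk or elsewhere on the page defines what the parenthesised penalties mean or how they feed the Score column, which stays `?` on every row while the Notes section is still a TODO. Either define the penalty scale (why -2 for cfldap, -1 for PHP 5, and a plain `NO` for Apache Directory and .NET 4.5) in Notes, or record the cell as `NO` until the scoring is settled. Splitting each `<tr>` onto three lines renders identically and makes later diffs on this table easier to read, so that part is fine as long as every row is split the same way, which it is here.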
Revision as of 17:50, 19 January 2016
Here we evaluate and compare various LDAP Client APIs to understand how well they satisfy the Secure LDAP Client API Standard.
NOTE: Both the standard and evaluations below are in a draft state and are likely to change before formal publication.
Overview
| API | Grade | Documents the Security Risks of LDAP Filter Injection | Documents LDAP Bind Authentication Without Filter Queries | Provides an LDAP Filter Escape Function | Provides LDAP Filter Syntax Templates | Provides an Abstract API for LDAP Filter Queries | Supports LDAP with StartTLS | Supports LDAPS | Enables SSL/TLS Certificate Validation by Default | Documents the Customization of Trusted Certificate Authorities | Documents the Risk of Disabling Certificate Validation | Score |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| [Apache Directory LDAP API (java)](http://directory.apache.org/api/user-guide/2-basic-ldap-api-usage.html) | ? | NO | | | | | ? | ? | ? | ? | ? | ? |
| [ColdFusion 10 cfldap](https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-tags/tags-j-l/cfldap.html) | ? | NO (-2) | | | | | ? | ? | ? | ? | ? | ? |
| [.NET 4.5](https://msdn.microsoft.com/en-us/library/System.DirectoryServices(v=vs.110).aspx) | ? | NO | | | | | ? | ? | ? | ? | ? | ? |
| [Perl Net::LDAP](http://search.cpan.org/~marschap/perl-ldap/lib/Net/LDAP.pod) | ? | YES | | | | | ? | ? | ? | ? | ? | ? |
| [PHP 5](http://php.net/manual/en/ref.ldap.php) | ? | NO (-1) | | | | | ? | ? | ? | ? | ? | ? |
| [python-ldap](http://www.python-ldap.org/) | ? | YES | | | | | ? | ? | ? | ? | ? | ? |

Empty cells are criteria not yet evaluated; `?` marks a criterion that has been considered but not yet scored.
Notes
TODO: explain any quirks of APIs or reasoning on why the evaluation came out the way it did
Tickets
TODO: here we keep track of links to bug submissions/feature requests sent to each API maintainer