This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Projects/OWASP Framework Security Project/Evaluations of LDAP Client APIs
From OWASP
Revision as of 17:39, 19 January 2016 by TimMorgan (talk | contribs) (Created page with "Here we evaluate and compare various LDAP Client APIs to understand how well they satisfy the Projects/OWASP_Framework_Security_Project/Secure_LDAP_API_Standard|Secure LDAP...")
Here we evaluate and compare various LDAP Client APIs to understand how well they satisfy the Secure LDAP Client API Standard.
NOTE: Both the standard and evaluations below are in a draft state and are likely to change before formal publication.
Overview
| API | Grade | Documents the Security Risks of LDAP Filter Injection | Documents LDAP Bind Authentication Without Filter Queries | Provides an LDAP Filter Escape Function | Provides LDAP Filter Syntax Templates | Provides an Abstract API for LDAP Filter Queries | Supports LDAP with StartTLS | Supports LDAPS | Enables SSL/TLS Certificate Validation by Default | Documents the Customization of Trusted Certificate Authorities | Documents the Risk of Disabling Certificate Validation | Score |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ColdFusion 10 cfldap | ? | ? | ? | ? | ? | ? | ? | |||||
| PHP 5 | ? | ? | ? | ? | ? | ? | ? | |||||
| Apache Directory LDAP API | ? | ? | ? | ? | ? | ? | ? | |||||
| .NET 4.5 | ? | ? | ? | ? | ? | ? | ? | |||||
| Perl Net::LDAP | ? | ? | ? | ? | ? | ? | ? | |||||
| python-ldap | ? | ? | ? | ? | ? | ? | ? | |||||
| ? | ? | ? | ? | ? | ? | ? | ||||||
| ? | ? | ? | ? | ? | ? | ? |
Notes
TODO: explain any quirks of APIs or reasoning on why the evaluation came out the way it did
Tickets
TODO: here we keep track of links to bug submissions/feature requests sent to each API maintainer
