Posted to issues@streampark.apache.org by GitBox <gi...@apache.org> on 2022/11/08 07:12:28 UTC

[GitHub] [incubator-streampark] MonsterChenzhuo opened a new pull request, #1984: [cherry-pick] Fix vulnerability in LDAP login

MonsterChenzhuo opened a new pull request, #1984:
URL: https://github.com/apache/incubator-streampark/pull/1984

   ## What changes were proposed in this pull request
   
   Issue Number: close #xxx <!-- REMOVE this line if no issue to close -->
   
   <!--(For example: This pull request proposed to add checkstyle plugin).-->
   
   ## Brief change log
   
   <!--*(for example:)*
   - *Add maven-checkstyle-plugin to root pom.xml*
   -->
   
   ## Verifying this change
   
   <!--*(Please pick either of the following options)*-->
   
   This change is a trivial rework / code cleanup without any test coverage.
   
   *(or)*
   
   This change is already covered by existing tests, such as *(please describe tests)*.
   
   *(or)*
   
   This change added tests and can be verified as follows:
   
   <!--*(example:)*
   - *Added integration tests for end-to-end.*
   - *Added *Test to verify the change.*
   - *Manually verified the change by testing locally.* -->
   
   ## Does this pull request potentially affect one of the following parts
    - Dependencies (does it add or upgrade a dependency): (yes / no)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@streampark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [incubator-streampark] MonsterChenzhuo commented on pull request #1984: [cherry-pick] LDAP login bug fixed

Posted by GitBox <gi...@apache.org>.
MonsterChenzhuo commented on PR #1984:
URL: https://github.com/apache/incubator-streampark/pull/1984#issuecomment-1306758850

   LDAP injection is an attack used to exploit Web-based applications that construct LDAP statements based on user input. LDAP statements can be modified by techniques similar to [SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) when the application is unable to properly clean up user input.
   
   LDAP injection attacks can result in granting privileges to unauthorized queries and modifying the contents within the LDAP tree.
   LDAP injection attacks are common due to two factors:
   
       1. The lack of a more secure parameterized LDAP query interface.
       2. Widespread use of LDAP to authenticate users of the system.
   
   `EqualsFilter`: its role is more validation.


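The comment above names string-built LDAP filters as the root cause and `EqualsFilter` as the remedy. The following is an added illustration, not code from this pull request or from StreamPark: it contrasts a concatenated filter with one whose value is encoded per RFC 4515, which is the kind of encoding Spring LDAP's `EqualsFilter` applies when it renders a filter. The `uid` attribute, the class and method names, and the sample inputs are assumptions constructed for the example.

```java
import java.util.List;

// Added illustration; not StreamPark code. Attribute name and inputs are constructed.
public class LdapFilterDemo {

    // Unsafe pattern: user input is spliced into the filter unchanged.
    static String concatFilter(String user) {
        return "(uid=" + user + ")";
    }

    // Encode the characters that carry meaning inside a filter value (RFC 4515, section 3).
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Safe pattern: the value is encoded before it is placed in the filter.
    static String encodedFilter(String user) {
        return "(uid=" + escapeFilterValue(user) + ")";
    }

    // Literal '(' characters mark filter components; an encoded one appears as \28.
    static long components(String filter) {
        return filter.chars().filter(ch -> ch == '(').count();
    }

    public static void main(String[] args) {
        // Constructed inputs: a plain name, a wildcard, and a value containing parentheses.
        for (String input : List.of("alice", "a*", "alice)(objectClass=*")) {
            String raw = concatFilter(input);
            String enc = encodedFilter(input);
            System.out.printf("input:        %s%n", input);
            System.out.printf("concatenated: %s  components=%d%n", raw, components(raw));
            System.out.printf("encoded:      %s  components=%d%n%n", enc, components(enc));
        }
    }
}
```

For every input the encoded filter keeps exactly one component, while the concatenated form lets the third input add a second component and lets the second act as a wildcard match.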


[GitHub] [incubator-streampark] MonsterChenzhuo commented on pull request #1984: [cherry-pick] LDAP login bug fixed

Posted by GitBox <gi...@apache.org>.
MonsterChenzhuo commented on PR #1984:
URL: https://github.com/apache/incubator-streampark/pull/1984#issuecomment-1306755767

   @tisonkun Hello, I am following the instructions in the e-mail to complete it. It is not very clear if the specific solution
   <img width="689" alt="image" src="https://user-images.githubusercontent.com/60029759/200502049-a000ebd9-0c32-4174-ace6-1adbbf922898.png">
   




[GitHub] [incubator-streampark] wolfboys merged pull request #1984: [cherry-pick] LDAP login bug fixed

Posted by GitBox <gi...@apache.org>.
wolfboys merged PR #1984:
URL: https://github.com/apache/incubator-streampark/pull/1984

