Metadata

ID: php-security/ldap-without-password

Language: PHP

Severity: Warning

Category: Security

CWE: 287

Description

This rule flags instances where a connection to an LDAP server is attempted without providing a password. Binding without a password can lead to anonymous access, which may expose sensitive directory information or allow unauthorized modifications.

To comply with this rule, always supply a valid password when calling ldap_bind. For example, use ldap_bind($server, $dn, $password); where $password is a non-empty string containing the correct credentials. If anonymous binding is necessary, ensure that it is a conscious decision backed by appropriate safeguards and documented accordingly.

Non-Compliant Code Examples

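<?php
// Empty-string password: the bind is sent without credentials.
ldap_bind($server, $dn, '');
// NULL password: likewise a bind without a password.
ldap_bind($server, $dn, NULL);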
?>

Compliant Code Examples

<?php
// $password holds a non-empty credential string.
ldap_bind($server, $dn, $password);
?>
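
A `$password` variable that is empty at run time produces the same passwordless bind as the literals in the non-compliant examples. The following is an added example, not part of the rule's own documentation, that checks the credentials before calling ldap_bind; the function names `require_bind_password` and `authenticated_bind`, the sample DNs and passwords, and the choice of protocol version 3 are assumptions.

```php
<?php
// Added example: function names and sample values are hypothetical.

/**
 * Reject credentials that would make ldap_bind() a passwordless bind:
 * a missing or zero-length password, or an empty DN.
 */
function require_bind_password(?string $dn, ?string $password): void
{
    if ($dn === null || trim($dn) === '') {
        throw new InvalidArgumentException('LDAP bind refused: empty DN');
    }
    // Compare against '' directly: empty("0") is true in PHP, so empty()
    // would wrongly reject the valid password "0".
    if ($password === null || $password === '') {
        throw new InvalidArgumentException('LDAP bind refused: empty password');
    }
}

/**
 * Bind only after the credential check passes.
 * $server is a connection returned by ldap_connect().
 */
function authenticated_bind($server, ?string $dn, ?string $password): bool
{
    require_bind_password($dn, $password);
    // Assumption: the directory speaks LDAPv3.
    ldap_set_option($server, LDAP_OPT_PROTOCOL_VERSION, 3);
    return ldap_bind($server, $dn, $password);
}

// Constructed sample inputs. Only the check runs here, so no directory
// server is needed to try it.
$samples = [
    ['uid=alice,dc=example,dc=org', 's3cret'],
    ['uid=alice,dc=example,dc=org', ''],
    ['uid=alice,dc=example,dc=org', null],
    ['uid=alice,dc=example,dc=org', '0'],
    ['', 's3cret'],
];
foreach ($samples as [$dn, $password]) {
    try {
        require_bind_password($dn, $password);
        echo "accepted\n";
    } catch (InvalidArgumentException $e) {
        echo $e->getMessage(), "\n";
    }
}
```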