Verify user supplied mails against LDAP

Navigation

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache

Author: strifel

Maintainers

Avatar for strifel from gravatar.com strifel

Project description

# Pretix verify mails against ldap This is a pretix plugin that can be used to verify the user provided mails against an ldap server. This does not verify the users password.<br> WARNING: This does verify that the user registering is the owner of the mail address.

## Usage 1. Install 2. Configure in admin settings 3. Enable the plugin for your event.

## Security Conserns ### Query While we use a function of python-ldap to sanitize user input there might still be a possible exploit by inserting custom code into the ldap query. You should definitely use a read only user for ldap. User data should not be exposed as we do not print user data to the end user.

### Brutforcing Via a brutforcing attack this opens up the user to find valid mail adresses in your ldap. This is not different to a password reset feature telling you that it has (not) found an mail address.

Project details

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache

Author: strifel

Maintainers

Avatar for strifel from gravatar.com strifel

Release history Release notifications | RSS feed

This version

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pretix-ldap-mails-1.0.0.tar.gz (5.9 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page