LDAP Injection

by ronfluegge 15. December 2017 16:05

LDAP injection is a type of security exploit that is used to compromise the authentication process used by some websites. Websites that construct Lightweight Directory Access Protocol (LDAP) statements from data provided by users are vulnerable to this type of attack.

LDAP directories store information, known as objects, for people, servers, printers and roles. If the directory is used for website authentication, the attacker can enter malicious code into a user input field, gain unauthorized access to the directory and view or change usernames and passwords.

LDAP injection works in much the same manner as SQL injection, a type of security exploit in which the attacker adds SQL (Structured Query Language) code to a Web form. Both types of attacks primarily occur due to missing or weak input validation that does not reject malformed input or strip malicious LDAP control characters before including untrusted user input in a query.

According to security experts, the main reason that LDAP injection and similar exploits work is the fact that security is not sufficiently emphasized during the application development process. To protect the integrity of Web sites that use forms, experts recommend implementing a sanitization process to control the types and numbers of characters that can be accepted by input boxes as well as the use of multi-factor authentication (MFA) for public-facing web applications.

Tags: ,

General

NYISO Generating Availability Data System (GADS)

by ronfluegge 12. February 2015 15:51

NYISO is pleased to announce that NYISO’s Training Team will be offering the, in-class, Generating Availability Data System (GADS) Seminar in April. 

 

How You Will Benefit:

 

You will learn generating unit GADS reporting requirements as used by the NYISO in:

  • Calculating unit derating factors for the Installed Capacity (ICAP) Market
  • Reliability studies produced by both the NYISO and  the New York State Reliability Council

 

What You Will Cover: 

  • GADS History & Origins
  • Design/Performance/Event Data
  • Common Errors
  • Example Scenarios
  • GADS Software
  • Use of GADS Data
  • Panel Discussion

 

Who Should Attend:

 

The GADS Seminar is intended for individuals directly responsible for handling the submittal of their organization’s generating availability data, or for those individuals who support that function.

 

Recommended Course Prerequisites:

 

N/A

 

Schedule:

 

·         Tuesday, April 21, 2015

·         8:30 AM to 12:00 PM

 

Location:

 

·         NYISO Offices, 10 Krey Boulevard, Rensselaer, NY 12144

 

Tuition And Fees:

 

·         $ 250.00

o   Tuition includes breakfast and lunch. You may request to purchase printed course materials during your registration check out, request a complimentary CD of the materials, or opt to obtain the materials directly from our website a week prior to class at no additional charge.

o   Participants may be invoiced or pay by credit card.

 

Registration:

 

To register for the course, complete the registration process by April 9, 2015, at: http://www.nyiso.com/public/services/market_training/nyiso_courses.jsp.

 

Cancellation:

 

If you cancel after the course registration deadline, cancellation fees may apply.

 

For additional information on course registration and/or hotel accommodations, please contact Debbie Doyle at 518-356-6274.

 

 

NYISO Generating Availability Data System (GADS) Portal Tutorial

by ronfluegge 6. December 2014 15:51

Generating Availability Data System (GADS) data is required by NYISO to determine the amount of capacity available for the Installed Capacity Market and to evaluate the reliability within the NY Control Area. The data is used to calculate the De-rating Factors for the NYISO Capacity Market. GADS data is used as an input into NYISO and the New York State Reliability Council's (NYSRC) Reliability Studies, specifically the Annual Installed Reserve Margin (IRM) Study for the New York Control Area and the NYCA Locational Capacity Requirements calculation. There are three types of data:  Design Data identifies the unit as an unique entity; Performance Data provides a summary of unit operation for a month; and Event Data consists of specific data for each event.

The NYISO GADS Portal accepts Performance and Event data.

The NYISO GADS portal enables Market Participants to upload standard GADS data files or to enter GADS Data directly via a user interface. MPs can edit/correct data errors identified during the submittal process. For example, users have the ability to correct a specific event start date or end date. The portal can also provide MPs with a standard 12 month ICAP EFORd report which captures a rolling 12-month period.

The NYISO GADS Portal was built by the GADS Open Source Project for the NYISO and can be accessed on the ICAP page of the NYISO website. 

In order to become an authorized user and submit GADS data through the portal, Market Participants will require a digital certificate and must be granted access to the portal. The GADS Administrator at the NYISO will provide access and each authorized user will have a User Name and password to access the Portal. The User Name will be the MIS User account name and the password entered will be their MIS password. Those MPs having an existing MIS account can request additional access to the GADS portal through the NYISO’s GADS administrator

This Portal training is meant to provide a high level introduction to the NYISO GADS Portal as part of the October 2014 deployment. This presentation assumes previous knowledge of GADS data and familiarity with the NYISO requirements.

For more comprehensive information on the NYISO GADS Data requirements please refer to the NYISO Installed Capacity Manual.

For more detailed information regarding the entire functionality of the NYISO GADS Portal, refer to the GADS Portal User’s Guide.

NYISO Generating Availability Data System (GADS) Portal Tutorial

Links to these additional resources are located at the end of the presentation.

Contact Debbie Doyle at ddoyle@nyiso.com for additional information.


Welcome to the GADS Open Source blog!

This will be an easy place to keep up on updates and news related to GADS and the GADS Open Source software.

Check out the FAQ section below as well.