Problem with encoding in Freeradius

Alan DeKok aland at nitros9.org
Thu Jul 20 16:59:25 CEST 2006


biuro at globeinphotos.com wrote:
> Digest URI contains "sip:+48580001 at test.pl", which is the value typed by the user.
> But a few lines below, the SQL statement is called, and this time Digest URI has
> an incorrect value:

  See "sql.conf", "safe_characters".  By default, "+" is escaped
before being inserted into sql.  Otherwise, you may be vulnerable to
SQL injection attacks.

> Do you know why this conversion happens? And how to switch off this
> conversion?

  Switch it off with care.  If you do that, users may log in with SQL
commands, and do strange things to your DB.

  Alan DeKok.
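
Added example (not part of the original message, and not FreeRADIUS's own code): a small C model of the allow-list escaping described in the reply, showing why "+" in the Digest URI changes before it reaches the SQL statement. The "=XX" hex form, the allow-list string and the name escape_value are assumptions for illustration; the sample inputs are constructed. Check the "safe_characters" line in your own sql.conf for the real list.

```c
#include <stdio.h>
#include <string.h>

/* Assumed default allow-list for "safe_characters"; note that '+', '\'' and '=' are absent. */
static const char *safe_characters =
    "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /";

/*
 * Copy `in` to `out`, replacing every control byte and every byte not in
 * `allowed` with "=XX" (uppercase hex). Returns the escaped length, or -1
 * (with `out` emptied) if the buffer is too small; no truncated value is returned.
 */
static int escape_value(char *out, size_t outlen, const char *in, const char *allowed)
{
    size_t len = 0;

    if (outlen == 0) return -1;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        int unsafe = (c < 32) || (strchr(allowed, c) == NULL);
        size_t need = unsafe ? 4 : 2;          /* bytes to write plus the NUL */

        if (outlen - len < need) { out[0] = '\0'; return -1; }
        if (unsafe) {
            snprintf(out + len, 4, "=%02X", c);
            len += 3;
        } else {
            out[len++] = (char)c;
        }
    }
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    /* Constructed sample values: a SIP URI with '+', and a quote-bearing login. */
    const char *samples[] = { "sip:+48580001@test.pl", "a' OR '1'='1" };
    char buf[128];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (escape_value(buf, sizeof buf, samples[i], safe_characters) >= 0)
            printf("%-24s -> %s\n", samples[i], buf);
    }
    return 0;
}
```

Adding a character to the allow-list passes it through unchanged, so any addition should be limited to characters that carry no meaning in the SQL dialect and quoting used by the queries.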



