"+" string converted to "=2B" in SQL request

Stefan Winter stefan.winter at restena.lu
Tue Mar 6 07:52:21 CET 2018


Hi,

>   And then watch people pwn your database.  Because there's no separate list of safe characters for SELECT versus INSERT.
> 
>   We're working on fixing this for v4.

I've become a big fan of prepared statements to avoid this kind of issue.

Is the fix in v4 doing prepared statements?

Greetings,

Stefan Winter

-- 
Stefan WINTER
Research Engineer
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
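
The contrast raised in this message, as an added example that is not part of the original post and is not FreeRADIUS code: a query built by string substitution has to rewrite unsafe characters (here into the `=XX` form from the subject line), so the rewritten value is what gets stored, while a prepared statement binds the value unchanged. The safe-character list, table name and function names are assumptions made for the illustration, and Python's `sqlite3` stands in for the real database driver.

```python
import sqlite3

# Assumed safe-character list for this illustration only; not FreeRADIUS's actual list.
SAFE = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@-_. ")


def escape_eq_hex(value: str) -> str:
    """Replace every byte outside SAFE with =XX (upper-case hex), so '+' becomes '=2B'."""
    out = []
    for b in value.encode("utf-8"):
        ch = chr(b)
        out.append(ch if ch in SAFE else "=%02X" % b)
    return "".join(out)


def store_interpolated(db: sqlite3.Connection, value: str) -> None:
    # The query text is built by substitution: only the escaping keeps it
    # well-formed, and the escaped form is what lands in the column.
    db.execute("INSERT INTO calls (station) VALUES ('%s')" % escape_eq_hex(value))


def store_prepared(db: sqlite3.Connection, value: str) -> None:
    # Placeholder binding: the value never becomes part of the SQL text,
    # so no per-statement list of safe characters is needed.
    db.execute("INSERT INTO calls (station) VALUES (?)", (value,))


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE calls (id INTEGER PRIMARY KEY, station TEXT)")
    # Constructed sample inputs: a number with a leading '+', and a value
    # containing SQL metacharacters.
    samples = ["+15550100", "x'); DROP TABLE calls; --"]
    for s in samples:
        store_interpolated(db, s)
        store_prepared(db, s)
    stored = [row[0] for row in db.execute("SELECT station FROM calls ORDER BY id")]
    db.close()
    return stored


if __name__ == "__main__":
    for value in demo():
        print(repr(value))
```
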