2015-07-30 21:21 GMT+08:00 Herwin Weststrate <herwin@quarantainenet.nl>:
On 30-07-15 14:51, d tbsky wrote:
Hi Alan:
ok. then I will give up the idea. I am curious is "\" dangerous?
Say we have a logging function that writes succesful authentications to a database:
INSERT INTO logging (timestamp, username) VALUES (now(), '%{User-Name}%')
With using the username "foo\" the query would become:
INSERT INTO logging (timestamp, username) VALUES (now(), 'foo\')
Now the last "'" is escaped and the query generates a syntax error.
but in 3.0.9 reality, if I add "\" to safe_character, freeradius will present it with "\\" when write to sql, and all other special characters are escaped by default, so everything seems fine. so I am curious what will go wrong. but I now only have username attribute which will have "\" character. I don't know if freeradius will present all the "\" with "\\" correctly for all the attributes Regards, tbskyd.