Hi Alan, I hadn't seen it saying it had been fixed. Aside from enabling auto-escape is there much else to be concerned about in relation to SQL injection? Kind regards, Connor On Thu, Sep 19, 2024 at 12:13 PM Alan DeKok <aland@deployingradius.com> wrote:
On Sep 19, 2024, at 4:10 AM, Connor Herring <connorrjherring@gmail.com> wrote:
Hopefully a quick one, is the SQL module still susceptible to SQL injection in version 3.2.1 of FreeRADIUS? I was having a look through implementing some anti SQL injection measures since I found a security notification on the FreeRADIUS site for it, but given that it is quite an old notification, is this still required? If it is, are there any recommended measures?
You're worried about a report from 2005? And one which says that the issue has been fixed?
Ok...
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html