20 Jul
2010
20 Jul
'10
4:57 p.m.
This opens up a security hole I wish to avoid - if someone knows what my circuit Id's look like, and that database is used in any context where a user can send an id/password to authenticate that does NOT have ADSL-Agent-Cirtcuit-Id in it, then I've created a bunch of known user id's for the bad guys to use. I am happy having a non-default sql database schema but I think I really need the sql lookup to be being based on ADSL-Agent-Circuit-Id and not User-Name.
OK. Read the docs on modifying the SQL schema and the SQL queries. Tim