I'm writing a RADIUS book... who's interested?
I'm in the process of writing a RADIUS book, with everything I've learned over the last 10 years working with RADIUS. I'm wondering who's interested. :) The goal is to have 200-300 pages of densely packed information. The working title is "Deploying RADIUS: Practices and Principles". My main difficult is that I'm finding it hard to bootstap the book. i.e. time/money. I'm wondering who's interested in buying the book (i.e. is there a market for it). Having a known market means it's much easier for me to find the time to finish it I'm also wondering how many people are interested in buying pre-prints, with additional rights not available to the average buyer. (i.e. internal duplication, etc). This *is* a call for funding. I've been putting a lot of work into the server for many years now, and it just keeps getting bigger and better. With additional funding, I should be able to devote significantly more time to developing those features and documentation that everyone is interested in. Please respond privately with interest, if any. Alan DeKok.
Hi To be honest I do not know is it really problem with encoding. We integrate OpenSer with Radius and during INVITE phase Freeradius receives: Digest-User-Name = "test001" Digest-Realm = "test.pl" Digest-Nonce = "44be69da8b019499f882d3422d4e80e54a457bee" Digest-URI = "sip:+48580001@test.pl" Digest-Method = "INVITE" Digest URI contains "sip:+48580001@test.pl" which is value typed by user. But few lines below sql statement is called but this time Digest URI has incorrect value: test.authorize_reply('test001@test.pl', 'sip:=2B48580001@test.pl', 'INVITE' )' '+' character was converted to hexadecimal representation. Do you know why this conversion happen? And how to switch off this conversion. Regards Michal Szymanski
biuro@globeinphotos.com wrote:
Digest URI contains "sip:+48580001@test.pl" which is value typed by user. But few lines below sql statement is called but this time Digest URI has incorrect value:
See "sql.conf", "safe_characters". By default, "+" is escaped before being inserted into sql. Otherwise, you may be vulnerable to SQL injection attacks.
Do you know why this conversion happen? And how to switch off this conversion.
Switch it off with care. If you do that, users may log in with SQL commands, and do strange things to your DB. Alan DeKok.
participants (2)
-
Alan DeKok -
biuro@globeinphotos.com