Null SQL user
Peter Nixon
listuser at peternixon.net
Thu Sep 21 18:35:05 CEST 2006
On Thu 21 Sep 2006 19:03, Michael Griego wrote:
> There is a risk with this patch of running queries where the WHERE
> clause becomes WHERE UserName = ''... Which, I guess isn't really
> all that bad...
Thats exactly what _I_ wanted to happen..
As far as SQL is concerned a zero length username is perfectly legal and could
infact still return a password etc even without any of the fancy stored
procedure tricks I am using...
> I'm not sure I have any real problem with it, but we'll probably want
> to make the default sql_user_name configuration item %{User-Name:-
> DEFAULT} if we make the change this way.
It doesn't really bother me, but this is different behaviour to other
modules... Why rewrite it at all?
--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20060921/84d68ba6/attachment.pgp>
More information about the Freeradius-Devel
mailing list