Null SQL user

Peter Nixon listuser at
Thu Sep 21 18:35:05 CEST 2006

On Thu 21 Sep 2006 19:03, Michael Griego wrote:
> There is a risk with this patch of running queries where the WHERE
> clause becomes WHERE UserName = ''...  Which, I guess isn't really
> all that bad...

That's exactly what _I_ wanted to happen..

As far as SQL is concerned a zero length username is perfectly legal and could
in fact still return a password etc even without any of the fancy stored
procedure tricks I am using...

> I'm not sure I have any real problem with it, but we'll probably want
> to make the default sql_user_name configuration item %{User-Name:-
> DEFAULT} if we make the change this way.

It doesn't really bother me, but this is different behaviour to other 
modules... Why rewrite it at all?


Peter Nixon

More information about the Freeradius-Devel mailing list