Escaping of User Names

Alan DeKok aland at
Tue Feb 6 07:49:59 CET 2007

Peter Nixon wrote:

>>   The solution is probably to hack "sql_safe_chars" to escape characters
>> above 0x80, or to have it validate UTF-8 strings... and then escape
>> non-UTF-8 characers.
> Eeek. The user? Shouldn't the NAS be checking this then?

  Nope.  NASes are dumb.

> I am wondering why I am only getting the error from sqlippool and not from 
> the sql accounting or auth queries. It makes me think that we are not doing 
> something correctly in sqlippool. If you have a moment would you be able to 
> look at the sqlippool code and tell me if we are doing something incredibly 
> stupid?

  Last I looked at it, it seemed fine.  I'll go check again.

  Alan DeKok.
--       - The web site of the book - The blog

More information about the Freeradius-Devel mailing list