Escaping of User Names

Peter Nixon listuser at peternixon.net
Tue Feb 6 08:11:40 CET 2007


On Tue 06 Feb 2007 08:49, Alan DeKok wrote:
> Peter Nixon wrote:
> >>   The solution is probably to hack "sql_safe_chars" to escape
> >> characters above 0x80, or to have it validate UTF-8 strings... and then
> >> escape non-UTF-8 characers.
> >
> > Eeek. The user? Shouldn't the NAS be checking this then?
>
>   Nope.  NASes are dumb.

Yep. And users?

> > I am wondering why I am only getting the error from sqlippool and not
> > from the sql accounting or auth queries. It makes me think that we are
> > not doing something correctly in sqlippool. If you have a moment would
> > you be able to look at the sqlippool code and tell me if we are doing
> > something incredibly stupid?
>
>   Last I looked at it, it seemed fine.  I'll go check again.

Thanks.

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20070206/68f2233b/attachment.pgp>


More information about the Freeradius-Devel mailing list