Problem with encoding in Freeradius
aland at nitros9.org
Thu Jul 20 16:59:25 CEST 2006
biuro at globeinphotos.com wrote:
> Digest URI contains "sip:+48580001 at test.pl" which is value typed by user.
> But few lines below sql statement is called but this time Digest URI has
> incorrect value:
See "sql.conf", "safe_characters". By default, "+" is escaped
before being inserted into sql. Otherwise, you may be vulnerable to
SQL injection attacks.
> Do you know why this conversion happen? And how to switch off this
Switch it off with care. If you do that, users may log in with SQL
commands, and do strange things to your DB.
More information about the Freeradius-Users