Problem with encoding in Freeradius
Alan DeKok
aland at nitros9.org
Thu Jul 20 16:59:25 CEST 2006
biuro at globeinphotos.com wrote:
> Digest URI contains "sip:+48580001 at test.pl", which is the value typed by the user.
> But a few lines below, the SQL statement is called, and this time the Digest URI
> has an incorrect value:

See "sql.conf", "safe_characters". By default, "+" is escaped
before being inserted into sql. Otherwise, you may be vulnerable to
SQL injection attacks.

> Do you know why this conversion happens? And how to switch off this
> conversion?

Switch it off with care. If you do that, users may log in with SQL
commands, and do strange things to your DB.
Alan DeKok.
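
The escaping described in the reply above, as an added example that is not part of the original post and is not FreeRADIUS source code. It is a simplified Python model that assumes characters outside "safe_characters" are rewritten as "=XX" hex and assumes the default list shown; the helper names and sample values are constructed.

```python
# Simplified model of the SQL module's attribute escaping. Assumption: any
# byte below 32 or not listed in safe_characters is rewritten as "=XX" (hex).
# DEFAULT_SAFE is the assumed shipped default; check your own sql.conf.
DEFAULT_SAFE = ("@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
                "0123456789.-_: /")

# Characters that can end or alter a quoted SQL string literal.
SQL_METACHARS = set("'\"\\;`")


def sql_escape(value, safe=DEFAULT_SAFE):
    """Escape one attribute value before it is expanded into a query."""
    out = []
    for b in value.encode("utf-8"):
        ch = chr(b)
        if 32 <= b < 127 and ch in safe:
            out.append(ch)
        else:
            out.append("=%02X" % b)
    return "".join(out)


def risky_additions(safe):
    """Return the SQL metacharacters a proposed safe list would let through."""
    return set(safe) & SQL_METACHARS


if __name__ == "__main__":
    uri = "sip:+48580001@test.pl"        # constructed, modelled on the post
    widened = DEFAULT_SAFE + "+"         # targeted change: allow only "+"

    print(sql_escape(uri))               # "+" is rewritten with the default
    print(sql_escape(uri, widened))      # "+" survives, nothing else changes
    print(sql_escape("o'brien", widened))  # the quote is still escaped

    # Review any edited list before deploying it.
    for candidate in (widened, DEFAULT_SAFE + "+'"):
        print(repr(candidate[-2:]), sorted(risky_additions(candidate)))
```

Adding only "+" to the list keeps the Digest URI intact in the query while quotes, backslashes and semicolons continue to be rewritten.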