rlm_sql_mysql: safe characters
Stefan Winter
stefan.winter at restena.lu
Wed Oct 11 13:38:18 CEST 2006
Hi,
Is it a problem to add the equal sign (=) to the list of safe characters for
SQL databases? I imagine it might be because it is used to escape
MIME-encoded special chars and that might confuse the FR server... I don't
want to just try it on our production server; maybe someone has experience
with this?
As a side-note, I wonder why the safe_characters list is so small. I know it
is to prevent SQL injections, but the default queries are all encoded in
single quotes ('...'), so there are more safe characters IMO. In particular,
how about
# ! $ & * +
None of these should cause problems within single quotes, or am I wrong here?
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter at restena.lu Tel.: +352 424409-1
http://www.restena.lu Fax: +352 422473
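
The `=XX` escaping mentioned in the question, sketched as an added example that is not part of the original message and is not FreeRADIUS source code: bytes outside the safe list are written as `=` plus two hex digits, so once `=` itself is listed as safe, two different input strings can produce the same escaped value. The helper names, the safe lists and the sample inputs are assumptions constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed safe lists for this demonstration (not FreeRADIUS defaults). */
static const char SAFE[] =
    "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_";
static const char SAFE_EQ[] =
    "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_=";

/* Hypothetical helper: copy `in` to `out`, writing each control byte or byte
 * not listed in `safe` as "=XX" (hex). Returns the escaped length, or -1 if
 * `out` is too small. */
int escape_value(char *out, size_t outlen, const char *in, const char *safe)
{
    size_t len = 0;

    if (outlen == 0) return -1;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        if (c < 32 || strchr(safe, c) == NULL) {
            if (outlen - len < 4) return -1;   /* "=XX" plus NUL */
            snprintf(out + len, outlen - len, "=%02X", c);
            len += 3;
        } else {
            if (outlen - len < 2) return -1;   /* one byte plus NUL */
            out[len++] = (char)c;
        }
    }
    out[len] = '\0';
    return (int)len;
}

/* Returns 1 when two different inputs escape to the same string. */
int collides(const char *a, const char *b, const char *safe)
{
    char ea[128], eb[128];

    if (escape_value(ea, sizeof ea, a, safe) < 0) return 0;
    if (escape_value(eb, sizeof eb, b, safe) < 0) return 0;
    return strcmp(a, b) != 0 && strcmp(ea, eb) == 0;
}

int main(void)
{
    const char *a = "o'brien", *b = "o=27brien";   /* constructed inputs */

    printf("'=' escaped: collision=%d\n", collides(a, b, SAFE));
    printf("'=' allowed: collision=%d\n", collides(a, b, SAFE_EQ));
    return 0;
}
```

With `=` left out of the safe list, a literal `=` is itself written as `=3D`, which keeps the mapping from input to stored value one-to-one.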