Can unlang do this?
Alan DeKok
aland at deployingradius.com
Thu Apr 24 20:57:07 CEST 2008
Chris wrote:
> I guess the trick is fixing it (breaking it?) so this works without
> opening up any vectors for injection attacks. Would it be safe to
> exclude the "control" list from being escaped like this? It seems that
> only attributes in the the request and proxy-request lists would be the
> real problems.
Yes and no. The best way is via a "tainted" flag, like Perl. But
that involves a lot more work.
> Would it have been so difficult to say "man unlang see update" instead
> of just "man unlang"? You spent more time complaining about the way I
> asked the question than it would have taken to answer it. ;)
Exactly.
I wish to emphasize *thinking* and *reading*. Answering questions by
cutting & pasting portions of the documentation is a disservice to
everyone. It has it's appeal, but it's wrong.
Alan DeKok.
More information about the Freeradius-Users
mailing list