Is it dangerous to change sql safe_characters?

Alan DeKok aland at deployingradius.com
Thu Jul 30 09:38:53 CEST 2015


On Jul 30, 2015, at 8:11 AM, d tbsky <tbskyd at gmail.com> wrote:
>   We are using FreeRADIUS 3.0.9, and we want to make the SQL
> accounting data easier to read/process.
> Currently the characters below that we may use are escaped by default:
> 
> '\'   => for Windows accounts like "domain\user".
> "+","=" => for base64 encoding these two characters are used
> 
> Is it safe to add these characters to query.conf "safe_characters"?

  No.

> PS: by default the method to escape the "\" character does not seem
> correct. When a user uses "domain\user" to log in, if I check with
> "radiusd -X", the name is sometimes presented as 'domain\user', and
> sometimes presented as "domain\\user". But finally, when it is written to SQL,
> it becomes "domain=5C=5Cuser".
> I think the correct escaped string should be "domain=5Cuser"?

  It depends where the string comes from.  See the debug output for details.

  Alan DeKok.
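
An added example, not part of the original thread and not FreeRADIUS code: a simplified Python model of the `=XX` escaping seen in the question, with a decoder that restores the original value when the accounting data is read, so `safe_characters` can stay unchanged. The `SAFE_CHARACTERS` value and the function names are assumptions; the model escapes every byte outside the allow-list and does not reproduce any other handling the server may apply.

```python
import re

# Assumed allow-list for illustration; compare with the safe_characters
# value in your own query.conf before relying on it.
SAFE_CHARACTERS = (
    "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
)

def escape_value(value: str, safe: str = SAFE_CHARACTERS) -> str:
    """Model of the escaping: bytes outside the allow-list become =XX."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        if byte < 0x80 and ch in safe:
            out.append(ch)
        else:
            out.append("=%02X" % byte)
    return "".join(out)

_ESCAPED = re.compile(r"=([0-9A-F]{2})")

def decode_value(stored: str) -> str:
    """Reverse the =XX escaping for reporting, outside the SQL query path."""
    raw = bytearray()
    pos = 0
    for match in _ESCAPED.finditer(stored):
        raw += stored[pos:match.start()].encode("utf-8")
        raw.append(int(match.group(1), 16))
        pos = match.end()
    raw += stored[pos:].encode("utf-8")
    return raw.decode("utf-8", errors="replace")

if __name__ == "__main__":
    # Constructed sample values based on the strings quoted in the thread.
    for name in ["domain\\user", "domain\\\\user", "YWJj+w=="]:
        stored = escape_value(name)
        print(f"{name!r} -> {stored!r} -> {decode_value(stored)!r}")
```

Decoding `domain=5C=5Cuser` yields two backslashes, which shows the value already contained a doubled backslash before it reached the SQL escaping step.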


