Is it dangerous to change sql safe_characters?
A.L.M.Buxey at lboro.ac.uk
Thu Jul 30 15:02:53 CEST 2015
Hi,
> >> '\' => for windows account like "domain\user".
> >> "+","=" => for base64 encoding these two characters are used
> >>
> >> is it safe to add these characters to query.conf "safe_characters"?
> >
> > No.
>
> OK, then I will give up the idea. I am curious: is "\" dangerous?
Yes. Backslash can be used for injection of arbitrary SQL commands if not escaped
properly... as can several other characters... ' and " come to mind straight away.
alan
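
The following is an added example, not part of the original thread and not FreeRADIUS source code: a simplified Python model of the =XX encoding that rlm_sql applies to characters outside safe_characters, checking whether a quoted literal still closes where the query template intended once backslash is let through. The safe list, query template and sample usernames are assumptions constructed for illustration, and the literal parsing follows MySQL-style backslash escaping.

```python
# Simplified model for illustration; not FreeRADIUS code.
# Assumed safe list, modelled on the stock safe_characters setting.
DEFAULT_SAFE = ("@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
                "0123456789.-_: /")

# Constructed query template with one quoted value followed by more SQL.
TEMPLATE = "SELECT value FROM radcheck WHERE username = '{}' ORDER BY id"


def escape(value, safe):
    """Encode every character not in `safe` as =XX per UTF-8 byte."""
    out = []
    for ch in value:
        if ch in safe and ord(ch) >= 32:
            out.append(ch)
        else:
            out.extend("=%02X" % b for b in ch.encode("utf-8"))
    return "".join(out)


def literal_end(sql, start):
    """Index of the quote closing the literal opened at `start`, or -1.

    MySQL-style rules: a backslash escapes the next character and a
    doubled quote ('') is a literal quote.
    """
    i = start + 1
    while i < len(sql):
        if sql[i] == "\\":
            i += 2                      # escaped character, skip it
        elif sql[i] == "'":
            if sql[i + 1:i + 2] == "'":
                i += 2                  # doubled quote stays inside literal
            else:
                return i
        else:
            i += 1
    return -1


def literal_intact(value, safe):
    """True if the literal closes exactly where the template placed its quote."""
    escaped = escape(value, safe)
    sql = TEMPLATE.format(escaped)
    start = sql.index("'")
    return literal_end(sql, start) == start + 1 + len(escaped)


if __name__ == "__main__":
    for name in ("DOMAIN\\alice", "alice\\", "o'brien"):  # constructed samples
        for label, safe in (("default", DEFAULT_SAFE), ("with \\", DEFAULT_SAFE + "\\")):
            print(f"{name!r:16} {label:8} -> {escape(name, safe)!r:18} intact={literal_intact(name, safe)}")
```

With the default list the backslash becomes `=5C` and the literal always closes where the template expects; with backslash added to the list, a value ending in `\` consumes the template's closing quote.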