is it dangerous to change sql safe_characters ?
Herwin Weststrate
herwin at quarantainenet.nl
Thu Jul 30 15:21:31 CEST 2015
On 30-07-15 14:51, d tbsky wrote:
> Hi Alan:
>
> ok. then I will give up the idea. I am curious is "\" dangerous?

Say we have a logging function that writes successful authentications to
a database:

    INSERT INTO logging (timestamp, username)
    VALUES (now(), '%{User-Name}')

Using the username "foo\", the query would become:

    INSERT INTO logging (timestamp, username)
    VALUES (now(), 'foo\')

Now the last "'" is escaped and the query generates a syntax error.

--
Herwin Weststrate
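
The case described above, as an added example that is not part of the original post or FreeRADIUS code: a simplified model of encoding characters outside safe_characters as =XX, with a check for whether the string literal in the logging query is still terminated. The SAFE allow-list, the function names and the assumption that the database treats backslash as an escape character inside literals are all illustrative.

```python
import string

# Constructed allow-list for illustration; not the FreeRADIUS default value.
SAFE = set(string.ascii_letters + string.digits + "@.-_: /")

# The logging query from the post, with the attribute as a placeholder.
TEMPLATE = "INSERT INTO logging (timestamp, username) VALUES (now(), '{}')"


def escape(value, safe=SAFE):
    """Encode every character outside the allow-list as =XX per UTF-8 byte."""
    out = []
    for ch in value:
        if ch in safe:
            out.append(ch)
        else:
            out.extend("=%02X" % b for b in ch.encode("utf-8"))
    return "".join(out)


def literals_closed(query):
    """True if every single-quoted literal is terminated, assuming the
    server treats backslash as an escape character inside literals."""
    in_literal = False
    i = 0
    while i < len(query):
        c = query[i]
        if in_literal and c == "\\":
            i += 2  # backslash consumes the following character
            continue
        if c == "'":
            if in_literal and query[i + 1:i + 2] == "'":
                i += 2  # doubled quote is an escaped quote
                continue
            in_literal = not in_literal
        i += 1
    return not in_literal


def build(username, safe=SAFE):
    """Expand the template with the escaped username."""
    return TEMPLATE.format(escape(username, safe))
```

With the backslash left out of the allow-list, "foo\" is stored as foo=5C and the literal stays closed; adding "\" to the allow-list reproduces the unterminated literal from the post.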