"+" string converted to "=2B" in SQL request

Alan DeKok aland at deployingradius.com
Mon Mar 5 17:31:36 CET 2018

On Mar 5, 2018, at 11:28 AM, Tony LEMEUNIER <Tony.Lemeunier at novelcom.fr> wrote:
> And thanks for your reply.
> My radius is on private LAN, so no risk.

  Do you trust all of the users who log in via the RADIUS server?

a) yes - you should (mostly) be fine

b) no - you will get pwned.

  It's not about "private LAN".  The users are sending *names and passwords* to the RADIUS server, among other data.  That data is under the users control, and they can change it to do malicious things.

  Alan DeKok.

More information about the Freeradius-Users mailing list