"+" string converted to "=2B" in SQL request
Alan DeKok
aland at deployingradius.com
Mon Mar 5 17:31:36 CET 2018
On Mar 5, 2018, at 11:28 AM, Tony LEMEUNIER <Tony.Lemeunier at novelcom.fr> wrote:
> And thanks for your reply.
> My radius is on private LAN, so no risk.
Do you trust all of the users who log in via the RADIUS server?
a) yes - you should (mostly) be fine
b) no - you will get pwned.
It's not about "private LAN". The users are sending *names and passwords* to the RADIUS server, among other data. That data is under the users' control, and they can change it to do malicious things.
Alan DeKok.
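
Added example, not part of the original message and not FreeRADIUS's own code: the `=2B` in the subject line is the hex code of `+` (0x2B), and the sketch below shows one way user-supplied values can be escaped against an allowlist before they are placed in an SQL query. The function name `escape_unsafe`, the allowlist contents and the sample user names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed allowlist for this example; a real deployment defines its own. */
static const char SAFE_CHARS[] =
    "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /";

/* Copy `in` to `out`, replacing each byte outside SAFE_CHARS with =XX
 * (uppercase hex). Returns the escaped length, or -1 if `out` is too small,
 * so a truncated value never reaches the query. */
int escape_unsafe(char *out, size_t outlen, const char *in)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t n = 0;

    if (outlen == 0) return -1;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;

        if (strchr(SAFE_CHARS, c) != NULL) {
            if (n + 1 >= outlen) return -1;   /* keep room for the NUL */
            out[n++] = (char)c;
        } else {
            if (n + 3 >= outlen) return -1;   /* =XX plus the NUL */
            out[n++] = '=';
            out[n++] = hex[c >> 4];
            out[n++] = hex[c & 0x0F];
        }
    }
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample User-Name values, not taken from the thread. */
    const char *samples[] = { "tony+test", "bob' OR '1'='1", "alice@example.org" };
    char buf[128];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (escape_unsafe(buf, sizeof buf, samples[i]) >= 0)
            printf("%-20s -> %s\n", samples[i], buf);
    }
    return 0;
}
```

The quote and `=` characters come out as `=27` and `=3D`, so the value can no longer close the string literal it is inserted into, whichever network the request arrived from.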