Apostrophe in username
Stefan Winter
stefan.winter at restena.lu
Tue Oct 30 19:06:48 CET 2018
Hi,
>> Not a problem if the queries are properly escaped or parameterised.
>
> That's what the "safe_characters" configuration does. Allows "safe" characters, and escapes everything else.
Well, to be fair to the OP: using prepared statements would make all
those escaping adventures obsolete.
In other projects, I learned to love the ability to defer all escaping
questions to the library, and just send the stuff I want to send, with
peace of mind that this is exactly what will end up in the DB.
Greetings,
Stefan
> If you edit the configuration to allow apostrophe, then you *will* be open to attacks, and someone *will* destroy your database.
>
> Alan DeKok.
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
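
The trade-off discussed in this message, as an added example that is not part of the original post and is not FreeRADIUS code: a user name containing an apostrophe is looked up through a string-built query with whitelist escaping, and through a bound parameter. The table name radcheck_demo, the whitelist contents and the =XX encoding are assumptions made for illustration, and the rows are constructed.

```python
import sqlite3

# Assumption: a whitelist in the style of the "safe_characters" setting named in
# the thread; any character outside it is rewritten as =XX (hex).
SAFE_CHARACTERS = set(
    "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
)

def escape_unsafe(value):
    """Whitelist escaping: keep safe characters, hex-encode everything else."""
    return "".join(c if c in SAFE_CHARACTERS else "=%02X" % ord(c) for c in value)

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radcheck_demo (username TEXT, value TEXT)")
    # Constructed sample rows; one account name legitimately contains an apostrophe.
    db.execute("INSERT INTO radcheck_demo VALUES (?, ?)", ("o'brien", "secret-a"))
    db.execute("INSERT INTO radcheck_demo VALUES (?, ?)", ("alice", "secret-b"))
    return db

def lookup_interpolated(db, username, escape):
    """Builds the SQL text by string formatting; safety depends entirely on `escape`."""
    sql = "SELECT value FROM radcheck_demo WHERE username = '%s'" % escape(username)
    return [row[0] for row in db.execute(sql)]

def lookup_prepared(db, username):
    """Sends the value as a bound parameter; it is never parsed as SQL text."""
    sql = "SELECT value FROM radcheck_demo WHERE username = ?"
    return [row[0] for row in db.execute(sql, (username,))]

if __name__ == "__main__":
    db = make_db()
    # Escaped: the query is safe, but it searches for "o=27brien" and finds nothing.
    print("escaped :", escape_unsafe("o'brien"), lookup_interpolated(db, "o'brien", escape_unsafe))
    # Bound parameter: the exact string reaches the database and the row is found.
    print("prepared:", lookup_prepared(db, "o'brien"))
    # No escaping at all: the apostrophe ends the string literal and the query breaks.
    try:
        lookup_interpolated(db, "o'brien", lambda s: s)
    except sqlite3.OperationalError as exc:
        print("raw     :", exc)
```

The escaped lookup only matches if the stored name went through the same encoding, which is the bookkeeping a bound parameter removes.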