FreeRadius replaces characters in '%{User-Password}' after upgrade 3.0.16->3.0.19

Dom Latter freeradius-users at
Thu Jul 18 14:48:57 CEST 2019

On 18/07/2019 12:21, Alan DeKok wrote:
>    The SQL module has always performed character escaping.  I'm not sure what changed, if anything.
>    The short answer is that you can expose your SQL server to injection attacks by editing the "safe_characters" string in mods-config/sql/main/mysql/queries.conf

Is using parameterised queries instead anywhere on the roadmap?

More information about the Freeradius-Users mailing list