Problem when trying to store NAS-Port-ID into radpostauth table

Alan DeKok aland at
Fri Sep 17 15:51:41 CEST 2021

On Sep 17, 2021, at 9:14 AM, Antônio Modesto <modesto at> wrote:
> That's really a problem. I did some tests and I don't think it is possible to do sql injection without allowing a single quote in safe_characters. Am I missing something?

  Backslashes?  Various other things?  You'll have to investigate your particular database in detail to see what's possible.

  We've listed what we know is safe.  Anything else is potentially dangerous.

  Alan DeKok.

More information about the Freeradius-Users mailing list