SQL Injection
Connor Herring
connorrjherring at gmail.com
Thu Sep 19 11:18:37 UTC 2024
Hi Alan,
I hadn't seen it saying it had been fixed. Aside from enabling auto-escape
is there much else to be concerned about in relation to SQL injection?
Kind regards,
Connor
On Thu, Sep 19, 2024 at 12:13 PM Alan DeKok <aland at deployingradius.com>
wrote:
> On Sep 19, 2024, at 4:10 AM, Connor Herring <connorrjherring at gmail.com>
> wrote:
> > Hopefully a quick one, is the SQL module still susceptible to SQL
> injection
> > in version 3.2.1 of FreeRADIUS? I was having a look through implementing
> > some anti SQL injection measures since I found a security notification on
> > the FreeRADIUS site for it, but given that it is quite an old
> notification,
> > is this still required? If it is, are there any recommended measures?
>
> You're worried about a report from 2005? And one which says that the
> issue has been fixed?
>
> Ok...
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list