SQL Injection

Connor Herring connorrjherring at gmail.com
Thu Sep 19 15:21:23 UTC 2024


Hi Alan,

I was purely interested in what measures FreeRADIUS had built in to
mitigate SQL injection attacks to understand whether an administrator would
need to implement anything themselves for the same reason.

Kind regards,

Connor

On Thu, Sep 19, 2024 at 12:23 PM Alan DeKok <aland at deployingradius.com>
wrote:

> On Sep 19, 2024, at 7:18 AM, Connor Herring <connorrjherring at gmail.com>
> wrote:
> > I hadn't seen it saying it had been fixed. Aside from enabling auto-escape
> > is there much else to be concerned about in relation to SQL injection?
>
>   The issue says:
>
> Two vulnerabilities in the SQL module exist in all versions prior to
> 1.0.3. Sites not using the SQL module are not affected by this issue.
> However, we still recommend that all sites upgrade to version 1.0.3.
>
>   So... is it fixed in 1.0.3 or not?
>
>   As for other attacks, do you expect that we ship the server with known
> attacks that we don't care about?
>
>   Alan DeKok.


More information about the Freeradius-Users mailing list