On Fri, May 31, 2002 at 10:48:27AM -0400, Alan DeKok wrote:
> Simon <[EMAIL PROTECTED]> wrote:
> > > That's because of recent changes I made to the module. It now
> > > escapes magic characters, and I'll add '.' to the list of characters
> > > it doesn't escape.
> >
> > Could we please also add '@' to the list of non-escaped characters?
> > Considering that '@' is used for realms it tends to show up a lot in
> > radacct, and the '=40' equivalent isn't very good looking :)
>
> OK, so long as no SQL back-end gets excited about '@'.
>
> The method I want to use is one of minimal inclusion, rather than
> specific exclusion. e.g. rlm_sql/sql.c has its own escape function,
> which operates on the exclusion principle. That means it MAY be
> possible to fool it.
>
> This is also known as 'better safe than sorry'

I checked with some of my more sql-knowledgeable co-workers, and they
couldn't think of anything bad happening with '@' in queries etc, so it's
most likely safe. Only speaking for mysql here though, none of the others.

--
Simon
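
The contrast between minimal inclusion and specific exclusion discussed in this thread, as an added example that is not part of the original e-mails and is not FreeRADIUS code. The `=XX` hex form follows the '=40' mentioned above; the two character sets, the function names and the sample input are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Both character sets are assumptions for this example. '=' is the escape
 * marker, so it is never in the allowlist and always in the denylist. */
static const char SAFE_EXTRA[] = "@._-";
static const char DENY[] = "'\"\\;=";

/* Minimal inclusion: escape every byte not known to be safe. */
int not_in_allowlist(unsigned char c)
{ return !((c < 0x80 && isalnum(c)) || strchr(SAFE_EXTRA, c) != NULL); }

/* Specific exclusion: escape only the bytes someone thought to list. */
int in_denylist(unsigned char c) { return strchr(DENY, c) != NULL; }

/* Copy in to out, writing bytes selected by must_escape as "=XX" (uppercase
 * hex). Returns the output length, or -1 if out is too small. */
int escape_with(char *out, size_t outlen, const char *in,
                int (*must_escape)(unsigned char))
{
    static const char hex[] = "0123456789ABCDEF";
    size_t n = 0;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        size_t need = must_escape(c) ? 3 : 1;
        if (n + need >= outlen) return -1;   /* keep room for the terminator */
        if (need == 3) {
            out[n++] = '=';
            out[n++] = hex[c >> 4];
            out[n++] = hex[c & 0x0F];
        } else {
            out[n++] = (char)c;
        }
    }
    if (n >= outlen) return -1;              /* empty input with outlen 0 */
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char a[32], d[32];
    const char *in = "a`b%c";   /* constructed input: bytes the denylist omits */
    if (escape_with(a, sizeof a, in, not_in_allowlist) < 0) return 1;
    if (escape_with(d, sizeof d, in, in_denylist) < 0) return 1;
    printf("allowlist: %s\ndenylist:  %s\n", a, d);
    return 0;
}
```

With '@' and '.' in the allowlist a realm-qualified user name is stored unchanged, while any byte nobody listed is encoded by the allowlist variant and passed through verbatim by the denylist variant.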
