Hi all,
This morning we adviced that if a user has a login name like
user'other-text'@realm,
when Radiator makes a query to mySQL, fails with an error like:
ERR: Execute failed for 'select NASIDENTIFIER, NASPORT
, ACCTSESSIONID from RADONLINE where USERNAME='user'other-text''':
Something is wrong in your syntax near 'other-text''' in line 1
The problem appear when you insert a single quote (') in the username.
In the manual, you say that with the command RewriteUsername, we can
remove any
character from a username.
I have few questions:
-RewriteUsername is a intensive CPU operation?
-Do you know other "prohibited" characters with mySQL?
-Can anybody exploit Radiator with malformed usernames or do a DoS
attack?
Thanks,
Anton
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
