Can anyone spot any deficiencies in this username-sanitising config
fragment (assuming the set of "acceptable" characters is [A-Za-z0-9-_@])?

# This SessionDatabase SHOULD come last
<SessionDatabase NULL>
        Identifier      SDB-Dummy
</SessionDatabase>

# Trap dodgy usernames...
# This Handler MUST come first
<Handler User-Name=/[^A-Za-z0-9-_@]/>
        RejectHasReason
        SessionDatabase SDB-Dummy
        <AuthBy FILE>
        # This file has only 'DEFAULT Auth-Type="Reject:Bad characters"'
                Filename %D/users-REJ-BadChars
        </AuthBy>
</Handler>

Obviously(?), the idea is to match and reject on any username which
matches any character in the set [^A-Za-z0-9-_@].

Thanks,
Neale.
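
An added example, not part of the original post and not Radiator code: it runs the Handler's character class over constructed usernames to show which ones the deny-style pattern flags, next to an anchored allow-list built from the same set. Assumptions: Python's `re` stands in for the Perl regex matching Radiator uses, only the regular expression is modelled (not handler selection), and `ALLOW_RE` and all function names are hypothetical.

```python
import re

# Character class copied verbatim from the Handler line in the post.
REJECT_RE = re.compile(r"[^A-Za-z0-9-_@]")

# Assumption, not from the post: the same set written as an anchored
# allow-list, hyphen last so it cannot be read as a range operator.
ALLOW_RE = re.compile(r"\A[A-Za-z0-9_@-]+\Z")

# Constructed sample usernames, not taken from any real log.
SAMPLES = ["neale", "a-b_c@d", "neale@example.com", "bad name;",
           "jos\u00e9", "neale\n", "@@--__", ""]


def reject_handler_fires(username):
    """True when the deny-style pattern finds an unacceptable character."""
    return REJECT_RE.search(username) is not None


def offending_chars(username):
    """Sorted unique characters that trigger the deny-style pattern."""
    return sorted(set(REJECT_RE.findall(username)))


def allow_list_accepts(username):
    """True only when the whole string consists of acceptable characters."""
    return ALLOW_RE.match(username) is not None


def disagreements(samples=SAMPLES):
    """Samples the deny pattern does not flag but the allow-list
    does not accept either."""
    return [u for u in samples
            if not reject_handler_fires(u) and not allow_list_accepts(u)]


if __name__ == "__main__":
    for name in SAMPLES:
        print(repr(name), reject_handler_fires(name),
              offending_chars(name), allow_list_accepts(name))
    print("disagree:", disagreements())
```

On these samples the two rules differ only for the empty string, and `neale@example.com` is flagged because `.` is outside the stated set.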

===
Archive at http://www.open.com.au/archives/radiator/