I'm using AuthBy SQL to authenticate user/passwd against an OTP session database, and everything is working just fine, but today I noticed a problem: what if a malicious user sets his username and/or password to something containing special SQL codes, like ', or ", etc...?
Well, I tried and it worked as expected: malicious queries can be done that way.
The question is: how do I solve that? RewriteUsername won't work for passwords... and also for accounting... the same problem exists.
Thanks,
Rodrigo
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
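
An added example, not part of the original post and not Radiator configuration: it contrasts building the authentication query by pasting request values into the SQL text with passing them as bound parameters, which also covers the accounting insert mentioned above. The table names, columns and sample rows are constructed, and SQLite stands in for the real session database.

```python
import sqlite3

def make_db():
    # Constructed schema and rows standing in for an OTP session database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE otp_sessions (username TEXT, password TEXT)")
    db.execute("CREATE TABLE accounting (username TEXT, session_id TEXT)")
    db.executemany("INSERT INTO otp_sessions VALUES (?, ?)",
                   [("alice", "481516"), ("o'brien", "234200")])
    return db

def lookup_interpolated(db, username, password):
    # The pattern the post describes: request values become part of the SQL text,
    # so a quote in either value changes how the statement is parsed.
    sql = ("SELECT username FROM otp_sessions "
           "WHERE username = '%s' AND password = '%s'" % (username, password))
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, username, password):
    # Bound parameters: the driver sends the values separately from the statement,
    # so they are only ever compared as data, whatever characters they contain.
    sql = "SELECT username FROM otp_sessions WHERE username = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (username, password))]

def record_accounting(db, username, session_id):
    # Accounting writes get the same treatment as the authentication lookup.
    db.execute("INSERT INTO accounting VALUES (?, ?)", (username, session_id))
    return db.execute("SELECT COUNT(*) FROM accounting WHERE username = ?",
                      (username,)).fetchone()[0]

def compare(db, username, password):
    # Returns (interpolated result or error text, bound result) for one request.
    try:
        unsafe = lookup_interpolated(db, username, password)
    except sqlite3.Error as exc:
        unsafe = "SQL error: %s" % exc
    return unsafe, lookup_bound(db, username, password)

if __name__ == "__main__":
    db = make_db()
    # Constructed requests: a normal login, a legitimate name containing a
    # quote, and a password value containing quote characters.
    for user, pw in [("alice", "481516"), ("o'brien", "234200"),
                     ("alice", "x' OR '1'='1")]:
        print(repr(user), repr(pw), "->", compare(db, user, pw))
    print("accounting rows:", record_accounting(db, "o'brien", "sess-0001"))
```

With the interpolated query, the legitimate user `o'brien` fails with a syntax error and the quoted password matches every row; with bound parameters the first authenticates normally and the second matches nothing.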
