On 3.2.2015 23.39, Chad Roseburg wrote: > FailureQuery insert into RADAUTHLOG (TIME_STAMP, > USERNAME, TYPE, REASON) values (%t, '%n', 0, %1)
In addition to the other suggestions, I recommend either escaping the the information that is supplied by the user with %Quote, see '5.2 Special characters' in the reference manual or using SQL bind variables. SQL bind variables for AuthLog SQL are available with Radiator 4.13 or later. For example: FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE, REASON) values (?, ?, 0, ?) FailureQueryParam %t FailureQueryParam %n FailureQueryParam %1 In addition to this, you can also define UsernameCharset if you'd like to make sure any special characters in User-Name do not reach your SIP2 server. See the reference manual for more. Thanks, Heikki -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator