Re: special characters in username in rlm_sql

2006-03-29 Thread Nicolas Baradakis
Duane Cox wrote:

> Apparently somewhere (rlm_sql ?) the username is being changed
> possibly in an anti-injection function, I don't know.
> Can someone shed some light on this?
>
> For instance, in the debug snip below, the username 'dcoxdcox' is
> changed to 'dcox=26dcox' which of course fails the sql select
> statement.

It's not a bug, it's a feature. It prevents SQL injection attacks
on your backend database.

http://www.google.com/search?q=sql+injection+attack

As Alan said, you can change the safe-characters option in sql.conf,
but only if you know exactly what you are doing.

-- 
Nicolas Baradakis

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
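
Added example, not part of the thread and not FreeRADIUS source code: a minimal C sketch of the kind of allow-list escaping discussed above, where any byte outside the safe-characters list is rewritten as =XX in hex (0x26 is '&', which yields the =26 seen in the debug output). The function name escape_username and the sample inputs are hypothetical, and the allow-list is an assumption modelled on the default in sql.conf.

```c
#include <stdio.h>
#include <string.h>

/* Assumed allow-list, modelled on the safe-characters default in sql.conf. */
static const char SAFE_CHARS[] =
    "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /";

/* Hypothetical helper (not FreeRADIUS source): copy `in` to `out`, replacing
 * every byte outside `safe` with =XX (two upper-case hex digits). Returns the
 * escaped length, or -1 if `out` is too small; it never truncates silently. */
int escape_username(char *out, size_t outlen, const char *in, const char *safe)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;

    if (outlen == 0)
        return -1;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        int ok = c >= 32 && strchr(safe, c) != NULL;

        if (o + (ok ? 1 : 3) + 1 > outlen)   /* keep room for the NUL */
            return -1;
        if (ok) {
            out[o++] = (char)c;
        } else {
            out[o++] = '=';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0F];
        }
    }
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    /* Constructed inputs: a name containing '&', a quote-breaking string,
     * and a name made only of allow-listed characters. */
    const char *samples[] = { "dcox&dcox", "x' OR '1'='1", "user@example.org" };
    char buf[64];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (escape_username(buf, sizeof buf, samples[i], SAFE_CHARS) >= 0)
            printf("%-18s -> %s\n", samples[i], buf);
    return 0;
}
```

Because the quote character is not on the allow-list, it reaches the query as =27 and cannot close the string literal; the same rule is why a username stored with '&' in radcheck no longer matches unless it is stored in escaped form or the allow-list is widened.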


special characters in username in rlm_sql

2006-03-28 Thread Duane Cox



I've tracked down why some of my users aren't authenticating...

Apparently somewhere (rlm_sql ?) the username is being changed
possibly in an anti-injection function, I don't know.
Can someone shed some light on this?

For instance, in the debug snip below, the username 'dcoxdcox' is
changed to 'dcox=26dcox' which of course fails the sql select
statement.


radius_xlat: 'dcoxdcox'
rlm_sql (sql): sql_set_user escaped user -- 'dcoxdcox'
radius_xlat: 'select id, username, attribute, value, op from radcheck where username = 'dcox=26dcox' order by id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): User dcoxdcox not found in radcheck


Re: special characters in username in rlm_sql

2006-03-28 Thread Alan DeKok
Duane Cox [EMAIL PROTECTED] wrote:
> Apparently somewhere (rlm_sql ?) the username is being changed possibly
> in an anti-injection function, I don't know.
> Can someone shed some light on this?

  See sql.conf, look for safe characters.  Edit at your own risk.

  Alan DeKok.