(RADIATOR) sanitising usernames
Neale Banks
neale at lowendale.com.au
Wed Jun 6 03:50:37 CDT 2001
Can anyone spot any deficiencies in this username-sanitising config
fragment (assuming the set of "acceptable" characters is [A-Za-z0-9-_@]):
# This SessionDatabase SHOULD come last
<SessionDatabase NULL>
    Identifier SDB-Dummy
</SessionDatabase>
# Trap dodgy usernames...
# This Handler MUST come first
<Handler User-Name=/[^A-Za-z0-9-_@]/>
    RejectHasReason
    SessionDatabase SDB-Dummy
    <AuthBy FILE>
        # This file has only 'DEFAULT Auth-Type="Reject:Bad characters"'
        Filename %D/users-REJ-BadChars
    </AuthBy>
</Handler>
Obviously(?), the idea is to match and reject on any username which
matches any character in the set [^A-Za-z0-9-_@].
Thanks,
Neale.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
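Added example, not part of the original post and not Radiator code: a Python model of the regex test in the Handler line above, run over constructed usernames. It assumes Python's re reads this character class the way the Perl regex engine does (the '-' after '0-9' is a literal, not the start of a range); ALLOW_DOLLAR is a hypothetical anchored allow-list included only for comparison, and nothing beyond the pattern match itself is modelled.

```python
import re

# Pattern copied verbatim from the <Handler User-Name=/.../> line in the post.
BAD_CHAR = re.compile(r"[^A-Za-z0-9-_@]")
# Hypothetical anchored allow-list, included only for comparison.
ALLOW_DOLLAR = re.compile(r"^[A-Za-z0-9_@-]+$")


def rejected_by_handler(username: str) -> bool:
    """True when the posted pattern matches, i.e. the reject Handler fires."""
    return BAD_CHAR.search(username) is not None


def accepted_by_anchored(username: str) -> bool:
    """True when the hypothetical ^...$ allow-list accepts the name."""
    return ALLOW_DOLLAR.search(username) is not None


# Constructed sample usernames (not from the post).
SAMPLES = [
    "neale",             # plain name
    "first-last_1",      # '-' and '_' are literals in the class
    "a:b",               # ':' lies between '9' and '_' in ASCII; not a range
    "user@example.com",  # '.' is outside the stated set
    "a@b@c",             # the class does not limit how many '@' appear
    "",                  # empty name contains no character at all
    "user\n",            # trailing newline
    "user name",         # space
    "r\u00e9my",         # non-ASCII letter
]


def report():
    """Return (name, handler_rejects, anchored_accepts) per sample."""
    return [(n, rejected_by_handler(n), accepted_by_anchored(n)) for n in SAMPLES]


if __name__ == "__main__":
    for name, rejects, accepts in report():
        print(f"{name!r:20} handler_rejects={rejects!s:5} anchored_accepts={accepts}")
```

The empty name and the trailing-newline name are the two rows where the posted negated-class test and the anchored form disagree: the first passes the trap untouched, and the second is caught by the trap but accepted by `^...$`.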