(RADIATOR) sanitising usernames
Hugh Irvine
hugh at open.com.au
Wed Jun 6 06:05:51 CDT 2001
Hello Neale -
You should probably add dot "." to your list, and don't forget to escape
magic characters (or all of them just to be sure...):
<Handler User-Name=/[^A-Za-z0-9\-\_\@\.]/>
And you should also test it thoroughly of course.
BTW - this topic has also been discussed on the mailing list, so you might
have a look at the archive site too.
regards
Hugh
On Wednesday 06 June 2001 18:50, Neale Banks wrote:
> Can anyone spot any deficiencies in this username-sanitising config
> fragment (assuming the set of "acceptable" characters is [A-Za-z0-9-_@]:
>
> # This SessionDatabase SHOULD come last
> <SessionDatabase NULL>
> Identifier SDB-Dummy
> </SessionDatabase>
>
> # Trap dodgy usernames...
> # This Handler MUST come first
> <Handler User-Name=/[^A-Za-z0-9-_@]/>
> RejectHasReason
> SessionDatabase SDB-Dummy
> <AuthBy FILE>
> # This file has only 'DEFAULT Auth-Type="Reject:Bad characters"'
> Filename %D/users-REJ-BadChars
> </AuthBy>
> </Handler>
>
> Obviously(?), the idea is to match and reject on any username which
> matches any character in the set [^A-Za-z0-9-_@].
>
> Thanks,
> Neale.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list