(RADIATOR) sanitising usernames

Hugh Irvine hugh at open.com.au
Wed Jun 6 06:05:51 CDT 2001


Hello Neale -

You should probably add dot "." to your list, and don't forget to escape 
magic characters (or all of them just to be sure...):

<Handler User-Name=/[^A-Za-z0-9\-\_\@\.]/>

And you should also test it thoroughly of course.

BTW - this topic has also been discussed on the mailing list, so you might 
have a look at the archive site too.

regards

Hugh

On Wednesday 06 June 2001 18:50, Neale Banks wrote:
> Can anyone spot any deficiencies in this username-sanitising config
> fragment (assuming the set of "acceptable" characters is [A-Za-z0-9-_@]):
>
> # This SessionDatabase SHOULD come last
> <SessionDatabase NULL>
> 	Identifier      SDB-Dummy
> </SessionDatabase>
>
> # Trap dodgy usernames...
> # This Handler MUST come first
> <Handler User-Name=/[^A-Za-z0-9-_@]/>
> 	RejectHasReason
> 	SessionDatabase SDB-Dummy
> 	<AuthBy FILE>
> 	# This file has only 'DEFAULT Auth-Type="Reject:Bad characters"'
> 		Filename %D/users-REJ-BadChars
> 	</AuthBy>
> </Handler>
>
> Obviously(?), the idea is to match and reject on any username which
> matches any character in the set [^A-Za-z0-9-_@].
>
> Thanks,
> Neale.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
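
Added example, not part of the original thread and not Radiator code: a small test harness for the two reject patterns quoted above, plus a hypothetical third variant showing what happens if the dot is added in front of an unescaped hyphen. It uses Python's re module, which parses these character classes the same way Perl does; the usernames are constructed samples.

```python
import re

# A username is rejected when the pattern matches anywhere in it,
# i.e. when it contains at least one character outside the allowed set.
NEALE = re.compile(r"[^A-Za-z0-9-_@]")       # pattern from the question
HUGH = re.compile(r"[^A-Za-z0-9\-\_\@\.]")   # pattern from the reply
# Hypothetical mistake (not from the thread): dot placed before the
# unescaped hyphen, so ".-_" becomes a range covering 0x2E..0x5F.
NAIVE = re.compile(r"[^A-Za-z0-9.-_@]")


def rejected(pattern, username):
    """True when the reject Handler would fire for this username."""
    return pattern.search(username) is not None


def verdicts(username):
    """Return (neale, hugh, naive) reject decisions for one username."""
    return tuple(rejected(p, username) for p in (NEALE, HUGH, NAIVE))


# Constructed sample usernames covering the edge cases worth testing.
SAMPLES = [
    "neale",                   # plain name: accepted by all
    "first.last@example.com",  # dot: rejected only by the original pattern
    "a-b",                     # hyphen: the naive range no longer allows it
    "user/../x",               # slash slips through the naive range
    "a<b>",                    # so do < and >
    "bob smith",               # space: rejected by all
    "bob';--",                 # quote and semicolon: rejected by all
    "jos\u00e9",               # non-ASCII letter: rejected by all
    "bob\n",                   # trailing newline: rejected by all
    "",                        # empty: contains no bad character, so NOT rejected
]

if __name__ == "__main__":
    print(f"{'username':28} neale  hugh   naive")
    for name in SAMPLES:
        n, h, v = verdicts(name)
        print(f"{name!r:28} {n!s:6} {h!s:6} {v!s}")
```

The empty username passes all three patterns because a negated character class needs at least one character to match, so it falls through to whatever Handler comes next.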