(RADIATOR) protecting SQL characters
DELORT Stephane
Stephane.DELORT at murex.com
Thu Nov 10 09:54:50 CST 2005
Hello all,
I use a MySQL database to authenticate my user and have request that looks like :
<AuthBy SQL>
DBSource dbi:mysql:mydatabase:x.x.x.x
DBUsername radius
AuthSelect select PASSWORD, if( from_unixtime(enddate, '%Y-%m-%d') = curdate() , if( REMAINTIME < time_to_sec(from_unixtime(ENDDATE, '%H:%M:%S'))-time_to_sec(curtime()) , REMAINTIME , time_to_sec(from_unixtime(ENDDATE, '%H:%M:%S'))-time_to_sec(curtime()) ) , REMAINTIME) from USERS where LOGIN=%0 and REMAINTIME > 0 and ENDDATE > unix_timestamp() and DAYTIMEENABLED=0 ;
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, Session-Timeout, reply
</AuthBy>
When this goes through the authentication process, Radiator reads all the '%something' characters and replace them by the values that can be found in Radiator special characters.
This is obviously NOT what I want since these characters specify the format in which the database answer should be read.
Is there something I can do to avoid such a behaviour and be able to read "... '%Y-%m-%d' ..." in the logs ?
Regards,
Stéphane
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20051110/f3997fab/attachment.html>
More information about the radiator
mailing list