(RADIATOR) protecting SQL characters

Hugh Irvine hugh at open.com.au
Thu Nov 10 17:17:56 CST 2005


Hello Stephane -

If you want to pass the strings as shown below, you will need to  
escape the "%" as follows:

	'%%Y-%%m-%%d'

See section 6.2 in the Radiator 3.13 reference manual ("doc/ref.html").

regards

Hugh


On 11 Nov 2005, at 02:54, DELORT Stephane wrote:

> Hello all,
>
>
>
> I use a MySQL database to authenticate my user and have a request
> that looks like:
>
>         <AuthBy SQL>
>                 DBSource        dbi:mysql:mydatabase:x.x.x.x
>                 DBUsername  radius
>                 AuthSelect select PASSWORD, if( from_unixtime 
> (enddate, '%Y-%m-%d') = curdate() , if( REMAINTIME < time_to_sec 
> (from_unixtime(ENDDATE, '%H:%M:%S'))-time_to_sec(curtime()) ,  
> REMAINTIME , time_to_sec(from_unixtime(ENDDATE, '%H:%M:%S'))- 
> time_to_sec(curtime()) ) ,  REMAINTIME) from USERS where LOGIN=%0  
> and REMAINTIME > 0 and ENDDATE > unix_timestamp() and  
> DAYTIMEENABLED=0 ;
>
>                 AuthColumnDef 0, User-Password, check
>                 AuthColumnDef 1, Session-Timeout, reply
>         </AuthBy>
>
>
> When this goes through the authentication process, Radiator reads
> all the '%something' characters and replaces them with the values that
> can be found in Radiator special characters.
>
> This is obviously NOT what I want since these characters specify  
> the format in which the database answer should be read.
>
> Is there something I can do to avoid such a behaviour and be able
> to read "... '%Y-%m-%d' ..." in the logs?
>
>
> Regards,
> Stéphane
>


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
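
The escaping described in the reply, applied to the whole AuthSelect from the question, as an added example that is not part of the original thread or of Radiator itself. The helper names (escape_format_literals, unescaped_format_literals) and the list of MySQL functions are assumptions; the query is the one quoted above, joined onto one line as a constructed sample.

```python
import re

# Constructed sample: the AuthSelect from the question, joined onto one line.
AUTH_SELECT = (
    "select PASSWORD, if( from_unixtime(enddate, '%Y-%m-%d') = curdate() , "
    "if( REMAINTIME < time_to_sec(from_unixtime(ENDDATE, '%H:%M:%S'))"
    "-time_to_sec(curtime()) , REMAINTIME , "
    "time_to_sec(from_unixtime(ENDDATE, '%H:%M:%S'))-time_to_sec(curtime()) ) , "
    "REMAINTIME) from USERS where LOGIN=%0 and REMAINTIME > 0 "
    "and ENDDATE > unix_timestamp() and DAYTIMEENABLED=0"
)

# MySQL functions whose second argument is a '%'-style format string.
# Assumption: extend this tuple for other functions your queries use.
FORMAT_FUNCS = ("from_unixtime", "date_format", "time_format")

# head = "func(<first arg>, '", fmt = the format literal, tail = "')".
# The first argument may contain one level of nested parentheses, no quotes.
_CALL = re.compile(
    r"\b(?P<head>(?:" + "|".join(FORMAT_FUNCS) + r")\s*\((?:[^()']|\([^()']*\))*,\s*')"
    r"(?P<fmt>[^']*)(?P<tail>'\s*\))",
    re.IGNORECASE,
)


def _double_percent(fmt):
    # '%%' is matched first and kept, a lone '%' becomes '%%' (idempotent).
    return re.sub(r"%%|%", "%%", fmt)


def escape_format_literals(sql):
    """Double '%' only inside MySQL format literals, so that specials such
    as %0 elsewhere in the statement are still substituted by Radiator."""
    return _CALL.sub(
        lambda m: m.group("head") + _double_percent(m.group("fmt")) + m.group("tail"),
        sql,
    )


def unescaped_format_literals(sql):
    """Return the format literals that still contain a single '%'."""
    return [m.group("fmt") for m in _CALL.finditer(sql)
            if _double_percent(m.group("fmt")) != m.group("fmt")]


if __name__ == "__main__":
    print("needs escaping:", unescaped_format_literals(AUTH_SELECT))
    print("AuthSelect " + escape_format_literals(AUTH_SELECT))
```
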

