[RADIATOR] SessionDatabase SQL

Michael ringo at vianet.ca
Wed Apr 13 10:59:26 CDT 2011


Copy and paste from the manual:
If DeleteQuery is defined as an empty string,
then the query will not be executed.

The manual is quite informative, and organised quite well.  I know manuals suck 
to read sometimes, but the Radiator manual is one of the best organized manuals 
I've seen.  Of course, that's a personal opinion.


Michael

On Wed, 13 Apr 2011, Eddie Stassen wrote:

> Hi,
>
> Could someone please explain the rationale behind calling DeleteQuery
> on the session database when an authentication packet is received?  It
> makes no sense to me since the mere reception of an
> Authentication-Request is no indication that a session has ended.  It
> also means it is potentially very easy for users to bypass
> simultaneous login limitations by simply faking a second PPP
> session with a bad password (or spoofing an Authentication-Request),
> which will cause their existing radonline entry to be deleted and
> allow the account to be used from anywhere else.
>
> Is there any way to disable this behaviour without hacking the code?
>
> Eddie

