[RADIATOR] Account log to MySQL
Heikki Vatiainen
hvn at open.com.au
Thu Feb 5 07:35:18 CST 2015
On 3.2.2015 23.39, Chad Roseburg wrote:
> FailureQuery insert into RADAUTHLOG (TIME_STAMP,
> USERNAME, TYPE, REASON) values (%t, '%n', 0, %1)
In addition to the other suggestions, I recommend either escaping the
the information that is supplied by the user with %Quote, see '5.2
Special characters' in the reference manual or using SQL bind variables.
SQL bind variables for AuthLog SQL are available with Radiator 4.13 or
later.
For example:
FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE,
REASON) values (?, ?, 0, ?)
FailureQueryParam %t
FailureQueryParam %n
FailureQueryParam %1
In addition to this, you can also define UsernameCharset if you'd like
to make sure any special characters in User-Name do not reach your SIP2
server. See the reference manual for more.
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list