From ccfc0b1275dd7f2875f2d9a2b5c775d9fce08425 Mon Sep 17 00:00:00 2001 From: "jan@unixpapa.com" Date: Wed, 15 Jan 2014 02:29:22 +0000 Subject: [PATCH] Note about SQL injection. --- mod_authnz_external/AUTHENTICATORS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mod_authnz_external/AUTHENTICATORS b/mod_authnz_external/AUTHENTICATORS index 98cde11..112ca49 100644 --- a/mod_authnz_external/AUTHENTICATORS +++ b/mod_authnz_external/AUTHENTICATORS @@ -26,6 +26,10 @@ SECURITY that are longer than 8192 characters, but don't depend this. Check very carefully for buffer overflows. + - Don't make assumptions about the content of the login and password strings. + For example, if you are using them in an SQL query, do proper checking + and/or quoting to insure that nobody is doing SQL injection. + - Think about locking. It is possible to get lots of hits at your website very fast, so there may be many programs simultaneously reading your authentication database, plus updates may be going on at the same time. -- 2.50.1
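Review bot: The new bullet in the SECURITY list should recommend parameterized queries (prepared statements / bound parameters) as the primary defence rather than "checking and/or quoting", since hand-rolled quoting of the login and password strings is easy to get wrong, and "insure" should read "ensure". Suggested wording: "For example, if you are using them in an SQL query, use parameterized queries (prepared statements) rather than building the query string by hand, and ensure that nobody can do SQL injection." It would also help to say that the same caution applies whenever the strings are handed to any other interpreter (a shell, an LDAP filter), which is what "Don't make assumptions about the content" already implies.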