From 44eafeee62e6982131c62df6f74335114ca53024 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Mon, 26 Aug 2024 12:41:52 +0200
Subject: Adding upstream version 3.2.5+dfsg.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 raddb/mods-available/sql | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

(limited to 'raddb/mods-available/sql')

diff --git a/raddb/mods-available/sql b/raddb/mods-available/sql
index 0f435ad..68ac4da 100644
--- a/raddb/mods-available/sql
+++ b/raddb/mods-available/sql
@@ -291,6 +291,23 @@ sql {
 		#
 		#  Setting 'max' to MORE than the number of threads means
 		#  that there are more connections than necessary.
+		#
+		#  The setting here should be lower than the maximum
+		#  number of connections allowed by the database.
+		#
+		#  i.e. There is no point in telling FreeRADIUS to use
+		#  64 connections, while the database is limited to 32
+		#  connections.  That configuration will cause the
+		#  server to be "starved" of connections, and it will
+		#  block during normal operations, even when the
+		#  database is largely idle.
+		#
+		#  At the same time, if the database is slow, there is
+		#  no point in increasing "max".  More connections
+		#  will just cause the database to run more slowly.
+		#  The correct fix for a slow database is to fix it, so
+		#  that it responds to FreeRADIUS quickly.
+		#
 		max = ${thread[pool].max_servers}
 
 		#  Spare connections to be left idle
@@ -371,6 +388,21 @@ sql {
 	# of the SQL module.
 	group_attribute = "SQL-Group"
 
+	#  When attributes read from the network are used in SQL queries
+	#  their values are escaped to make them safe.
+	#  By default FreeRADIUS uses its escaping routine which replaces
+	#  unsafe characters with their mime-encoded equivalent.
+	#  The list of safe characters is conservative, to allow for differences
+	#  between different SQL implementations.
+	#
+	#  If you are using the mysql or postgresql drivers, those have their
+	#  own escaping functions which only escape characters as required
+	#  by those databases.
+	#
+	#  Set this option to yes to use the database driver provided escape
+	#  function.
+#	auto_escape = no
+
 	# Read database-specific queries
 	$INCLUDE ${modconfdir}/${.:name}/main/${dialect}/queries.conf
 }
-- 
cgit v1.2.3