# everywhere a username substitution is needed so you you can be sure
# the username passed from the client is escaped properly.
#
- #sql_user_name = "%{Stripped-User-Name}:-%{User-Name}}"
- # ^^^ --That doesn't work because someone screwed up decode_attribute()
+ #sql_user_name = "%{Stripped-User-Name:-%{User-Name}}"
+ #
#sql_user_name = "%{Stripped-User-Name}";
sql_user_name = "%{User-Name}"