On Fri, 17 Mar 2000, Peter Radcliffe wrote:
> > bruker.epost='$local_part@$domain'} {$value}fail}
>
> This started me wondering ... user supplied data straight into a mysql
> query. If you managed to get the right characters into local_part
> couldn't you end up doing a random query that could be destructive ?
>
> Shouldn't this probably be wrapped with
> ${quote_mysql:$local_part@$domain} ?
Yes indeed. I should have remembered to point that out.
> On the subject of exim/mysql, I've been messing with it since I'm
> doing PHP/mysql in another area. Has anyone come up with a nice way
> to not let have passwords available to users on a shall machine where
> the config file has to be readable ?
Why does the config file have to be readable?
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
