Autor: Thorkild Stray Datum: To: exim-users Neue Treads: [Exim] Virtual Users Betreff: Re: [Exim] mysql (Problem with smartuser.)
[Peter Radcliffe <pir@???>:] > This started me wondering ... user supplied data straight into a mysql
> query. If you managed to get the right characters into local_part
> couldn't you end up doing a random query that could be destructive ?
Yes, this is why I already do a lot of checking on the values. I left
some of it out here.
> Shouldn't this probably be wrapped with
> ${quote_mysql:$local_part@$domain} ?
that's one of the things I am wondering about. How much escaping is
done? How much more should I think about?
