Re: [Exim] Security when using quote_mysql?

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Philip Hazel
Ημερομηνία:  
Προς: Jakob Hirsch
Υ/ο: exim-users
Αντικείμενο: Re: [Exim] Security when using quote_mysql?
On Sun, 17 Mar 2002, Jakob Hirsch wrote:

> According to exim-spec 6.12 backslashes should be escaped when using
> quote_mysql. We use something like
> where local_part="${quote_mysql:${extract {1}{@%!}{$1}}}"


What exactly is the setting you use?

> Am I using quote_mysql in the wrong way or is this really a security
> issue?


I can't really tell without more data. There may be some problem with
the ordering of what is done.

> And even worse, I really don't think that such a verbose error message
> should be sent back in the SMTP dialogue:


It should be different in Exim 4.

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.