Re: [Exim] MySQL Authentication

Página Inicial
Delete this message
Reply to this message
Autor: Phil Pennock
Data:  
Para: exim-users
Assunto: Re: [Exim] MySQL Authentication
On 2002-03-26 at 22:35 +0100, Phil Pennock wrote:
>                                     The question is, how much is
> stripped off by ${local_part: ?


Well, since the LHS can be wrapped in double-quotes and contain
whitespace ... it doesn't even _need_ to contain @anything.

> What happens if someone with an account not authorised for mail supplies
> $1 as something like:
>
> BadUser' or AuthMail = 'N


"' or userID = 'BadUser' or AuthMail = '"@???

${local_part: will return the LHS of that quite happily. As I say, you
don't even need the @example.org here.

Thanks to precedence, that boolean OR makes the first test for
->AuthMail = "Y"<- irrelevant.

CREATE TABLE users ( AuthMail CHAR(1), userID CHAR(64), passwd CHAR(13) );
INSERT INTO users VALUES ('N', 'Badman', 'wEZJCovcA7zFo');
INSERT INTO users VALUES ('Y', 'Fred', 'sx4p8ql4RO/.U');

SELECT passwd FROM users WHERE AuthMail = "Y" and userID = '"' \
or userID = 'Badman' or AuthMail = '"';


Yep, that returns the string "wEZJCovcA7zFo" as a password.

You definitely need the ${quote_mysql:....} in there.
--
Never underestimate the power of stupid people in large groups.