Author: Jakob Hirsch Date: To: alexis CC: exim-users Subject: Re: [exim] smtp authentication using default domain
alexis wrote:
> sounds dangerous.
What sounds dangerous? Please use proper quoting.
If you meant the sql injection stuff: Just use quote_mysql with every
externally provided string. In your query, it would be $auth1, which is
already quoted in my example for the domain part. Just do the same with
local_part:
... WHERE username='${quote_mysql:${local_part:$1}}' ...
> and what about to define a variable before (pseudo code) i cannot
> realize how to do this with exim yet, im new using it.
There's no such thing in exim. There's no real need for it, anyway.