Re: [exim] Connecting to mysql

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Phil Pennock
Dátum:  
Címzett: Exim Users
Tárgy: Re: [exim] Connecting to mysql
On 2010-03-04 at 15:15 +0000, Alain Williams wrote:
> I am doing a mysql lookup something like this:
>
>     ${lookup mysql{SELECT home, uid, gid FROM users WHERE userid = '$local_part' and domain = '$domain'}}


You're missing the use of the quote_mysql expansion operator, to protect
you from SQL injection attacks in the local-part -- do remember that
this is a perfectly valid email address, designed to reach me (by
configuration, not catchall):

"X'); DROP TABLE domains; DROP TABLE passwords; --"@???

So that should be:

${lookup mysql{SELECT home, uid, gid FROM users WHERE userid = '${quote_mysql:$local_part}' and domain = '${quote_mysql:$domain}'}}

> These are different databases with a different username/password. How to handle in exim:


Hrm. Shame that my.cnf doesn't let you define defaults for multiple
hosts. You can get around that, using multiple groups though ...

What you might look at is using mysql_options() with
MYSQL_READ_DEFAULT_GROUP on the mysql_handle immediately after the
mysql_init() call in src/lookups/mysql.c and supply a user-specifiable
group-name. Then you can define your hosts, passwords etc in
/etc/my.cnf and just refer to them with a group.

You might do something hacky like say "if the host part is empty (ie, it
starts with a /) then parse as key=value in each / section". That would
let you expand the syntax to supply as much or as little as wanted and
supply alternatives too, so:

${lookup mysql{servers=/group=db1; SELECT ...}}

Another option, with less coding, is to set up CNAMEs for localhost and
use a different one for each DB. Hacky, but gets you something quickly.

-Phil