Re: [exim] MySQL Auth with SHA1 passwords?

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Jasen Betts
Fecha:  
A: exim-users
Asunto: Re: [exim] MySQL Auth with SHA1 passwords?
On 2013-05-21, Fabien Wang <fabien.wang@???> wrote:
> Hello,
>
> Currently using Exim version 4.80.1 #2,
>
> I'm using mysql authentification, it works great with plaintext passwords.
>
> I would like to use it with SHA1 encoded passwords, is it possible?


yes, but only for the authenticators that pass the password in the clear.
(so, not for cram_md5 or ntlm)

> yes, how?


It's easy, don't use "${if", "${lookup mysql" is sufficient.

You also need to fix your SQL injection vulnerability.

condition you want takes the form

  condition =  ${lookup mysql{SELECT 'yes' from account where \
     domain = '${quote_mysql:$1}' and \
     useranme = '${quote_mysql:$2}' and \
     password_hash = md5('${quote_mysql:$3}') }{$value}{no}}


--
⚂⚃ 100% natural