Re: [exim] MySQL Auth with SHA1 passwords?

Author: Jasen Betts
Date:  
To: exim-users
Subject: Re: [exim] MySQL Auth with SHA1 passwords?
On 2013-05-21, Fabien Wang <fabien.wang@???> wrote:
> Hello,
>
> Currently using Exim version 4.80.1 #2,
>
> I'm using mysql authentication, it works great with plaintext passwords.
>
> I would like to use it with SHA1 encoded passwords, is it possible?


Yes, but only for the authenticators that pass the password in the clear.
(so, not for cram_md5 or ntlm)

> yes, how?


It's easy: don't use "${if"; "${lookup mysql" is sufficient.

You also need to fix your SQL injection vulnerability.

The condition you want takes the form

  condition =  ${lookup mysql{SELECT 'yes' from account where \
     domain = '${quote_mysql:$1}' and \
     username = '${quote_mysql:$2}' and \
     password_hash = md5('${quote_mysql:$3}') }{$value}{no}}


--
⚂⚃ 100% natural
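
Why a stored hash only works with authenticators that receive the password in the clear, shown as an added example that is not part of the original message or of Exim: PLAIN delivers the password so the server can hash and compare it, while CRAM-MD5 needs the plaintext secret on the server to recompute the HMAC. The account name, password and challenge are constructed sample values, and SHA1 is used for the stored hash as in the question.

```python
import base64
import hashlib
import hmac

# Constructed sample account: the database keeps only the SHA1 hex digest.
STORED_HASH = hashlib.sha1(b"correct horse").hexdigest()


def parse_plain(b64_response):
    """Split an AUTH PLAIN response into (authzid, authcid, password)."""
    parts = base64.b64decode(b64_response).split(b"\0")
    if len(parts) != 3:
        raise ValueError("malformed PLAIN response")
    return tuple(parts)


def verify_plain(b64_response, stored_hash):
    """PLAIN hands the server the password itself, so it can be hashed
    and compared with the stored digest (the job the SQL lookup does)."""
    _, _, password = parse_plain(b64_response)
    candidate = hashlib.sha1(password).hexdigest()
    return hmac.compare_digest(candidate, stored_hash)


def cram_md5_response(user, secret, challenge):
    """Client side of CRAM-MD5: base64("user " + hex(HMAC-MD5(secret, challenge)))."""
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(user + b" " + digest.encode())


def verify_cram_md5(b64_response, secret, challenge):
    """Server side: recompute the HMAC with the secret it holds and compare."""
    _, _, digest = base64.b64decode(b64_response).rpartition(b" ")
    expected = hmac.new(secret, challenge, hashlib.md5).hexdigest().encode()
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    challenge = b"<1896.697170952@mail.example>"  # constructed challenge
    plain = base64.b64encode(b"\0alice\0correct horse")
    cram = cram_md5_response(b"alice", b"correct horse", challenge)
    print("PLAIN vs stored hash:   ", verify_plain(plain, STORED_HASH))
    print("CRAM-MD5, plaintext key:", verify_cram_md5(cram, b"correct horse", challenge))
    # With only the hash in the database the server computes a different HMAC.
    print("CRAM-MD5, hash as key:  ", verify_cram_md5(cram, STORED_HASH.encode(), challenge))
```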