Re: [exim] MySQL Auth with SHA1 passwords?

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Jasen Betts
Data:  
Para: exim-users
Assunto: Re: [exim] MySQL Auth with SHA1 passwords?
On 2013-05-21, Cyborg <cyborg2@???> wrote:
> Am 21.05.2013 10:53, schrieb Fabien Wang:
>
> just change the match from direct match to a indirect one:
>
>    server_condition = "${if and { \
>                        {!eq{$1}{}} \
>                        {!eq{$2}{}} \
>                        {eq{1}{${lookup mysql{SELECT '1' FROM mailboxes WHERE  (domain =\
>                        '${domain:$1}' \
>                        AND password = sha1('$2') AND username = '${local_part:$1}')}{$value}fail}} }} {yes}{no}}"


That's a recipe for SQL injection,


--
⚂⚃ 100% natural