On 2013-05-21, Cyborg <cyborg2@???> wrote:
> On 21.05.2013 10:53, Fabien Wang wrote:
>
> just change the match from direct match to an indirect one:
>
> server_condition = "${if and { \
> {!eq{$1}{}} \
> {!eq{$2}{}} \
> {eq{1}{${lookup mysql{SELECT '1' FROM mailboxes WHERE (domain =\
> '${domain:$1}' \
> AND password = sha1('$2') AND username = '${local_part:$1}')}{$value}fail}} }} {yes}{no}}"
That's a recipe for SQL injection,
--
⚂⚃ 100% natural
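
The condition quoted above with the injection closed, as an added example that is not from either poster: each client-supplied value passes through Exim's `${quote_mysql:...}` expansion operator before it is placed inside the SQL string literal. The table and column names, and the use of `$1` and `$2`, are taken unchanged from the quoted configuration.

```exim
# $1 and $2 come straight from the SMTP client, so nothing in them can be
# trusted. ${quote_mysql:...} backslash-escapes the characters that would
# otherwise end the surrounding '...' literal (quotes, backslash, newline
# and similar), so the value stays data and cannot become SQL syntax.
# The quoting is applied last, after ${domain:...} / ${local_part:...},
# so it covers exactly the string that reaches the query.
server_condition = "${if and { \
    {!eq{$1}{}} \
    {!eq{$2}{}} \
    {eq{1}{${lookup mysql{SELECT '1' FROM mailboxes WHERE \
        domain = '${quote_mysql:${domain:$1}}' \
        AND password = sha1('${quote_mysql:$2}') \
        AND username = '${quote_mysql:${local_part:$1}}'}{$value}fail}} \
    }} {yes}{no}}"
```

The same rule applies to every other lookup in the configuration that interpolates `$1`, `$2`, `$local_part`, `$domain` or any other remotely supplied value into a query.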