Re: [exim] MySQL Auth with SHA1 passwords?

Author: Cyborg
Date:
To: exim-users
Subject: Re: [exim] MySQL Auth with SHA1 passwords?
On 23.05.2013 13:45, Jasen Betts wrote:
> On 2013-05-21, Cyborg <cyborg2@???> wrote:
>> On 21.05.2013 10:53, Fabien Wang wrote:
>>
>> just change the match from direct match to an indirect one:
>>
>>     server_condition = "${if and { \
>>                         {!eq{$1}{}} \
>>                         {!eq{$2}{}} \
>>                         {eq{1}{${lookup mysql{SELECT '1' FROM mailboxes WHERE  (domain =\
>>                         '${domain:$1}' \
>>                         AND password = sha1('$2') AND username = '${local_part:$1}')}{$value}fail}} }} {yes}{no}}"
> That's a recipe for SQL injection,

because the mysqlquote() is missing, but that was already mentioned by
someone else.
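
The quoting this reply refers to, as an added example that is not part of the original post: Exim's expansion operator for MySQL lookups is `${quote_mysql:...}`, applied here to every client-supplied value in the condition quoted above. Table and column names and the `$1`/`$2` variables are taken from the quoted condition; the rest of the authenticator is assumed unchanged.

```exim
# Added example, not from the original thread.
# Same check as the quoted server_condition, with each value that comes
# from the client passed through ${quote_mysql:...} before it is placed
# inside the SQL string literal.
#
#   $1 = login name (user@domain), $2 = password, as in the quoted condition.
#   ${domain:...} and ${local_part:...} only split the address; they do not
#   escape anything, so their result is quoted as well.
#
# Vulnerable form from the thread (values interpolated raw):
#   domain = '${domain:$1}' AND password = sha1('$2')
#   AND username = '${local_part:$1}'
#
# Quoted form:
server_condition = "${if and { \
                    {!eq{$1}{}} \
                    {!eq{$2}{}} \
                    {eq{1}{${lookup mysql{SELECT '1' FROM mailboxes WHERE \
                        domain = '${quote_mysql:${domain:$1}}' \
                        AND username = '${quote_mysql:${local_part:$1}}' \
                        AND password = sha1('${quote_mysql:$2}') \
                    }{$value}fail}} }} {yes}{no}}"
```

The password must be quoted too: it is still interpolated into the query text before MySQL evaluates `sha1()`, so wrapping it in a hash function does not neutralise it.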