[exim-dev] [Bug 1666] New: exim should log unexpanded querie…

Pàgina inicial
Aquest missatge és part del següent fil:
M++\l'arbre de fils complet ordenat per data
MMMM 
admin en ->
Delete this message
Reply to this message
Autor: admin
Data:  
A: exim-dev
Assumptes nous: [exim-dev] [Bug 1666] exim should log unexpanded queries
Assumpte: [exim-dev] [Bug 1666] New: exim should log unexpanded queries
https://bugs.exim.org/show_bug.cgi?id=1666 

            Bug ID: 1666
           Summary: exim should log unexpanded queries
           Product: Exim
           Version: 4.86
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Logging
          Assignee: nigel@???
          Reporter: arekm@???
                CC: exim-dev@???


If you use authenticator query like this:

server_condition = ${lookup mysql{SELECT .... WHERE
ENCRYPT('${quote_mysql:$auth2}')...}

then in case of sql db problems exim will happily log expanded query revealing
auth2 in plain text for example. Depending on user queries such logging my
reveal many things.

Like:

2015-08-03 10:21:36 login authenticator failed for ...: 435 Unable to
authenticate at present ...: lookup of "SELECT
...ENCRYPT('my-secret-pass-1234'...gave DEFER: MYSQL connection failed: Access
denied for user ...


That's quite bad. Exim while logging should log unexpanded sql query if
possible to never reveal such data.

--
You are receiving this mail because:
You are on the CC list for the bug.
Aquest missatge es va enviar a les següents llistes de correu:
Exim-dev
Informació sobre la llista de correu | Missatges propers		<-[exim-dev] [Bug 1664] OSCP stapling with GnuTLS results in dropped connections[exim-dev] [Bug 1666] exim should log unexpanded queries->
Tahini and Hummus and Cumin Development Archives administrat per cumin AdminsLurker (versió 2.3)