https://bugs.exim.org/show_bug.cgi?id=1666
Bug ID: 1666
Summary: exim should log unexpanded queries
Product: Exim
Version: 4.86
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Logging
Assignee: nigel@???
Reporter: arekm@???
CC: exim-dev@???
If you use an authenticator query like this:
server_condition = ${lookup mysql{SELECT .... WHERE
ENCRYPT('${quote_mysql:$auth2}')...}
then in case of SQL DB problems Exim will happily log the expanded query, revealing
auth2 in plain text, for example. Depending on user queries, such logging may
reveal many things.
Like:
2015-08-03 10:21:36 login authenticator failed for ...: 435 Unable to
authenticate at present ...: lookup of "SELECT
...ENCRYPT('my-secret-pass-1234'...gave DEFER: MYSQL connection failed: Access
denied for user ...
That's quite bad. When logging, Exim should log the unexpanded SQL query if
possible, so that it never reveals such data.
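An added example, not part of the original report and not Exim's own code: a log scrubber that finds deferred-lookup lines like the one quoted above and masks every SQL string literal in the logged query, so existing logs can be checked and cleaned. The `lookup of "..." gave DEFER` layout is assumed from the report's log line; the sample lines, table and column names are constructed.

```python
import re

# Exim quotes the fully expanded lookup in deferred-lookup messages.
# Assumed layout, modelled on the log line in the report:
#   ... lookup of "<expanded query>" gave DEFER: <reason>
LOOKUP_RE = re.compile(r'(lookup of ")(.*)(" gave DEFER)')

# A single-quoted SQL string literal, allowing backslash escapes (as
# produced by quote_mysql) and doubled quotes.
SQL_LITERAL_RE = re.compile(r"'(?:[^'\\]|\\.|'')*'")


def redact_line(line):
    """Return (line with literals in the logged query masked, literal count)."""
    m = LOOKUP_RE.search(line)
    if not m:
        return line, 0
    query, n = SQL_LITERAL_RE.subn("'[REDACTED]'", m.group(2))
    return line[:m.start(2)] + query + line[m.end(2):], n


def scan(lines):
    """Return [(line_number, redacted_line)] for lines that exposed a literal."""
    findings = []
    for number, line in enumerate(lines, 1):
        redacted, n = redact_line(line.rstrip("\n"))
        if n:
            findings.append((number, redacted))
    return findings


# Constructed sample log lines; table name, host and values are made up.
SAMPLE_LOG = [
    '2015-08-03 10:21:35 Start queue run: pid=1234',
    '2015-08-03 10:21:36 login authenticator failed for (client) [192.0.2.10]: '
    '435 Unable to authenticate at present (set_id=alice): lookup of '
    '"SELECT 1 FROM users WHERE name=\'alice\' AND '
    'pw=ENCRYPT(\'my-secret-pass-1234\')" gave DEFER: '
    'MYSQL connection failed: Access denied for user',
    '2015-08-03 10:21:40 login authenticator failed for (client) [192.0.2.10]: '
    '535 Incorrect authentication data (set_id=bob)',
]

if __name__ == "__main__":
    for number, redacted in scan(SAMPLE_LOG):
        print(f"line {number}: {redacted}")
```

Any line `scan` reports means a credential reached the log in clear text, so the affected passwords should be treated as exposed and the log files' permissions and retention reviewed.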