Re: [exim] Database lookup tainted

Página Inicial
Delete this message
Reply to this message
Autor: Jeremy Harris
Data:  
Para: exim-users
Assunto: Re: [exim] Database lookup tainted
On 02/06/2020 15:29, daniel@??? wrote:
> The only thing I replaced is database name, database user and password.
>
> so it is "127.0.0.1/mail/mailro/mysupersecretpassword"
> (password obviously changed), it doesn't say anything else...
>
> Pasting the full line here again:
> message: failed to expand "${lookup pgsql {servers=127.0.0.1/xx/xx/xx; SELECT string_agg(DISTINCT userid,',') AS target FROM aliases WHERE address='${quote_pgsql:$local_part@$domain}';}}": lookup of "servers=127.0.0.1/xx/xx/xx; SELECT string_agg(DISTINCT userid,',') AS target FROM aliases WHERE address='xx@xxxx';" gave DEFER: PostgreSQL server "127.0.0.1/xx/xx/xx" is tainted


So something in that database-server specification is tainted.

Per
http://exim.org/exim-html-current/doc/html/spec_html/ch-file_and_database_lookups.html#SECTspeserque

the preferred syntax is now to place the server spec directly after
the lookup type:

${lookup pgsql,servers=master/db/name/pw {UPDATE ...} }


--
Cheers,
Jeremy