Author: Jeremy Harris Date: To: exim-users Subject: Re: [exim] Tainted filename for search
On 05/06/2020 20:02, Laura Williamson via Exim-users wrote: > dkim_selector = ${lookup sqlite {/usr/exim/dkimcertificates select
> selector from dkimcerts where domain='$sender_address_domain'}{$value}}
As I told Max, one of:
- use the sqlite_dbfile main option
- use separate tables within one sqlite db rather than multiple db files
- ensure your sqlite lookup strings do not contain tainted data
(look in the Concept Index for de-tainting methods)
- move to a different db type
- wait for the next release
--
Cheers,
Jeremy