Re: [exim] Tainted filename for search

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Jeremy Harris
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] Tainted filename for search
On 05/06/2020 20:02, Laura Williamson via Exim-users wrote:
>   dkim_selector = ${lookup sqlite {/usr/exim/dkimcertificates select
> selector from dkimcerts where domain='$sender_address_domain'}{$value}}


As I told Max, one of:

- use the sqlite_dbfile main option
- use separate tables within one sqlite db rather than multiple db files
- ensure your sqlite lookup strings do not contain tainted data
(look in the Concept Index for de-tainting methods)
- move to a different db type
- wait for the next release
--
Cheers,
Jeremy