On 10/11/2020 20:45, Sebastian Nielsen via Exim-users wrote:
> I think as I said, provide a untaint tool, that allows custom data to verify
> against.
>
> Like:
> ${untaint(${var},
> "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789")}
No; this is a bad idea.
It is far to easy for someone to write a matcher which just
untaints everything, disabling the security. Three people
would do that, and one would post it on serverfault. Then
it would be cargo-culted forever.
--
Cheers,
Jeremy
