Re: [exim] tainted data issues

Pàgina inicial
Delete this message
Reply to this message
Autor: Sebastian Nielsen
Data:  
A: 'Mailing List'
Assumpte: Re: [exim] tainted data issues
>>I think it's relatively important to let people guard these de-taintings
with safety checks, such as 'is there dangerous content here'.

Agree, thats why I propose a simple character filter that also de-taints
variables.

>> I feel that people should not need to be experts in knowing what are safe

and dangerous characters and character sequences in order to create safe
Exim configurations.

Agreed, thats why I also propose the "standard sets" like %%SQL%%,
%%FILESYSTEM%% etc that give safe character sets to use with a particular
use case.
So theres both "standard" proven ways to do it, but also custom ways to do
it if you have special use cases.