Re: [exim] tainted data issues

Author: Sebastian Nielsen
Date:  
To: 'Mailing List'
Subject: Re: [exim] tainted data issues
>> I think it's relatively important to let people guard these de-taintings
>> with safety checks, such as 'is there dangerous content here'.

Agree, that's why I propose a simple character filter that also de-taints
variables.

>> I feel that people should not need to be experts in knowing what are safe
>> and dangerous characters and character sequences in order to create safe
>> Exim configurations.

Agreed, that's why I also propose the "standard sets" like %%SQL%%,
%%FILESYSTEM%% etc. that give safe character sets to use with a particular
use case.
So there's both "standard" proven ways to do it, but also custom ways to do
it if you have special use cases.