Szerző: Sebastian Nielsen Dátum: Címzett: 'Mailing List' Tárgy: Re: [exim] tainted data issues
>>I think it's relatively important to let people guard these de-taintings
with safety checks, such as 'is there dangerous content here'.
Agree, thats why I propose a simple character filter that also de-taints
variables.
>> I feel that people should not need to be experts in knowing what are safe and dangerous characters and character sequences in order to create safe
Exim configurations.
Agreed, thats why I also propose the "standard sets" like %%SQL%%,
%%FILESYSTEM%% etc that give safe character sets to use with a particular
use case.
So theres both "standard" proven ways to do it, but also custom ways to do
it if you have special use cases.