Re: [exim] exim-4.96rc0 Tainted arg

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jeremy Harris
Datum:  
To: exim-users
Betreff: Re: [exim] exim-4.96rc0 Tainted arg
On 03/05/2022 13:22, Odhiambo Washington via Exim-users wrote:
> Question is whether I am creating a security loophole by doing the above.


So long as the selection parameter "username" is a plain-old
column in your DB (and not some magic way of cooking the
"where" selectors) that looks fine.

I don't know if MySQL can do anything like the latter,
but if you are looking up real data in the DB, as most
people use a DB, you're good.

--
Cheers,
Jeremy