Re: [exim] exim-4.96rc0 Tainted arg

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMOdhiambo Washington at <-
MMOdhiambo Washington at ->
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] exim-4.96rc0 Tainted arg
On 03/05/2022 13:22, Odhiambo Washington via Exim-users wrote:
> Question is whether I am creating a security loophole by doing the above.

So long as the selection parameter "username" is a plain-old
column in your DB (and not some magic way of cooking the
"where" selectors) that looks fine.

I don't know if MySQL can do anything like the latter,
but if you are looking up real data in the DB, as most
people use a DB, you're good.

--
Cheers,
Jeremy

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] exim-4.96rc0 Tainted argRe: [exim] exim-4.96rc0 Tainted arg->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)