Re: [exim] exim-4.96rc0 Tainted arg

Góra strony
Delete this message
Reply to this message
Autor: Jeremy Harris
Data:  
Dla: exim-users
Temat: Re: [exim] exim-4.96rc0 Tainted arg
On 03/05/2022 13:22, Odhiambo Washington via Exim-users wrote:
> Question is whether I am creating a security loophole by doing the above.


So long as the selection parameter "username" is a plain-old
column in your DB (and not some magic way of cooking the
"where" selectors) that looks fine.

I don't know if MySQL can do anything like the latter,
but if you are looking up real data in the DB, as most
people use a DB, you're good.

--
Cheers,
Jeremy