Autor: Odhiambo Washington Data: A: Jeremy Harris CC: exim users Assumpte: Re: [exim] exim-4.96rc0 Tainted arg
On Tue, May 3, 2022 at 3:36 PM Jeremy Harris via Exim-users <
exim-users@???> wrote:
> On 03/05/2022 13:22, Odhiambo Washington via Exim-users wrote:
> > Question is whether I am creating a security loophole by doing the above.
>
> So long as the selection parameter "username" is a plain-old
> column in your DB (and not some magic way of cooking the
> "where" selectors) that looks fine.
>
> I don't know if MySQL can do anything like the latter,
> but if you are looking up real data in the DB, as most
> people use a DB, you're good.
>
Yes, the "username" is a plain-old column in my DB.