Re: [exim] exim-4.96rc0 Tainted arg

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMJeremy Harris at <-
MMKirill Miazine at ->
Delete this message
Reply to this message
Author: Odhiambo Washington
Date:  
To: Jeremy Harris
CC: exim users
Subject: Re: [exim] exim-4.96rc0 Tainted arg
On Tue, May 3, 2022 at 3:36 PM Jeremy Harris via Exim-users <
exim-users@???> wrote:

> On 03/05/2022 13:22, Odhiambo Washington via Exim-users wrote:
> > Question is whether I am creating a security loophole by doing the above.
>
> So long as the selection parameter "username" is a plain-old
> column in your DB (and not some magic way of cooking the
> "where" selectors) that looks fine.
>
> I don't know if MySQL can do anything like the latter,
> but if you are looking up real data in the DB, as most
> people use a DB, you're good.
>

Yes, the "username" is a plain-old column in my DB.

Thank you.


--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] exim-4.96rc0 Tainted argRe: [exim] exim-4.96rc0 Tainted arg->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)