Re: [exim] exim-4.96rc0 Tainted arg

Góra strony
Delete this message
Reply to this message
Autor: Odhiambo Washington
Data:  
Dla: Jeremy Harris
CC: exim users
Temat: Re: [exim] exim-4.96rc0 Tainted arg
On Tue, May 3, 2022 at 3:36 PM Jeremy Harris via Exim-users <
exim-users@???> wrote:

> On 03/05/2022 13:22, Odhiambo Washington via Exim-users wrote:
> > Question is whether I am creating a security loophole by doing the above.
>
> So long as the selection parameter "username" is a plain-old
> column in your DB (and not some magic way of cooking the
> "where" selectors) that looks fine.
>
> I don't know if MySQL can do anything like the latter,
> but if you are looking up real data in the DB, as most
> people use a DB, you're good.
>


Yes, the "username" is a plain-old column in my DB.

Thank you.


--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)