[exim-dev] [Bug 3066] tainted search query is not properly q…

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Exim Bugzilla
Ημερομηνία:  
Προς: exim-dev
Αντικείμενο: [exim-dev] [Bug 3066] tainted search query is not properly quoted discloses mysql password
https://bugs.exim.org/show_bug.cgi?id=3066

--- Comment #4 from David Saez <david@???> ---
No, the password is not included in the lookup, configuration used is like this
one:

MYSQL_MASTER = sql.foo.bar/database/MYSQL_AUTHUSER/MYSQL_AUTHPASSWORD
hide mysql_servers = MYSQL_MASTER

warn condition = ${lookup mysql{servers=sql.foo.bar; INSERT INTO ...

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/