Peter Burden wrote:
> Since then, I've cut some code and have a working signing filter.
> If anybody wants to have a look and let me know about any bugs
> (obvious or subtle), source code is at
> http://web.ptwol.net/sigfilter/sigfilter.c
> It's in standard C and uses a MySQL database.
> There are some explanations of how it works in the source code.

I don't like criticizing you twice in one evening, but there are some 
pretty serious problems with this code:

* Filter is threaded, but you're not taking the required steps to make 
mysql thread-safe:
http://dev.mysql.com/doc/refman/5.0/en/threaded-clients.html
* Filter uses global variables with no mutex protection.  See above.
* Filter doesn't handle shutdown (it needs to watch STDIN for EOF)
* Filter seems to treat any "AUTH: LOGIN" as if it were a header
* AUTH header won't always say "AUTH: LOGIN"
* Filter doesn't free the "mime" variable, which creates a memory leak
* Some variables aren't used at all
* I strongly recommend that you use a MIME library for message parsing 
rather than trying to write your own.  It's complicated.  See if "GMime" 
fits your needs.
* Finally, and most importantly IMO, you append a plaintext signature to 
any text part.  It looks like this includes attached files.  Regardless, 
by modifying the existing text parts, you invalidate PGP and SMIME 
signatures, which is bad.

There are probably other things, but that's what I noticed after looking 
at the code for ten minutes...

I've actually got a pythonfilter that does signatures sitting in CVS.  A 
customer paid for it to be written, and I'm mostly waiting for them to 
confirm that it's working the way that they need it to before I release it.
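
The last point in the list above, as an added example that is not part of the original post and is not code from either filter mentioned in it: a check that leaves PGP- or S/MIME-protected mail byte-identical and adds a footer only to body text parts, never to attached text files. It uses Python's standard `email` package rather than GMime; the function names, the footer text and the two sample messages are assumptions constructed for illustration.

```python
import email
from email import policy

# Content types that mean "this message is signed or encrypted".
PROTECTED = {"multipart/signed", "multipart/encrypted",
             "application/pkcs7-mime", "application/x-pkcs7-mime"}
PGP_INLINE = ("-----BEGIN PGP SIGNED MESSAGE-----", "-----BEGIN PGP MESSAGE-----")

def is_protected(msg):
    """True if any part is PGP/MIME, S/MIME or inline-PGP protected."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in PROTECTED:
            return True
        if ctype == "text/plain" and part.get_content().lstrip().startswith(PGP_INLINE):
            return True
    return False

def footer_targets(msg):
    """Body text/plain parts only; attached text files are not touched."""
    return [p for p in msg.walk()
            if p.get_content_type() == "text/plain"
            and not p.is_attachment() and p.get_filename() is None]

def append_footer(raw, footer):
    """Return (message_bytes, changed); protected mail comes back byte-identical."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if is_protected(msg):
        return raw, False
    targets = footer_targets(msg)
    for part in targets:
        part.set_content(part.get_content().rstrip() + "\n\n" + footer + "\n")
    return (msg.as_bytes(), True) if targets else (raw, False)

# Constructed sample: a PGP/MIME message with a placeholder signature part.
SIGNED = (b'Content-Type: multipart/signed; boundary="b1";\n'
          b' protocol="application/pgp-signature"\n\n'
          b"--b1\nContent-Type: text/plain\n\nHello\n"
          b"--b1\nContent-Type: application/pgp-signature\n\n(placeholder)\n--b1--\n")
# Constructed sample: a body part plus an attached text file.
MIXED = (b'Content-Type: multipart/mixed; boundary="b2"\n\n'
         b"--b2\nContent-Type: text/plain\n\nBody\n"
         b'--b2\nContent-Type: text/plain\n'
         b'Content-Disposition: attachment; filename="notes.txt"\n\nfile data\n--b2--\n')

if __name__ == "__main__":
    for name, raw in (("signed", SIGNED), ("mixed", MIXED)):
        out, changed = append_footer(raw, "Sent via Example Corp")
        print(name, "modified" if changed else "left untouched")
```

Returning the original bytes for protected mail, rather than re-serializing the parsed message, matters because re-encoding alone can change the signed bytes.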

_______________________________________________
courier-users mailing list