Hi,

Some time ago I updated courier-authlib with the Debian security update against the SQL injections. The problem now is that I have a lot of users who log in without a domain in their login ID (I had to keep passwords from an old qmail :'(, and so the username to log in is not [email protected] but user-and-some-random-things ...). Before the update, it was working fine, but right now it seems that the queries look more like:

SELECT username, crypt, "", uid, gid, pop, "", quota, realname, "" FROM users WHERE username = 'remy@'

The @ does not seem to be leaving. I've been looking quickly in the sources, and I've seen that the tests are still present in authmysqllib.c, but it does not look to be effective anymore... And by the way, I did not define any custom select query.

Can anyone propose something that could solve this problem, or help me to debug it? Some quick help would be appreciated, before I'm burned alive by my users/client...

Thanks :)

-- 
Rémy Sanchez
Engineering student at Telecom Lille-1
And my blog: http://hyperthese.net/
------------------------------------------------------------------------------
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
