Adrian wrote:
> By having
> server_condition = ${if crypteq {$3}{${lookup pgsql {SELECT password FROM
> users WHERE username='$2'}}}{yes}{no}}
> in the authenticator it was possible for me to execute a bad SQL query
> by sending this username:
> test'; INSERT INTO valid_email_addresses VALUES ('adrian', '[EMAIL
> PROTECTED]'); SELECT '
${quote_mysql:
> Is there a way to prevent this except by disabling write access for
> this database user (which is certainly not a way to circumvent sql
It's always a good idea to have a database user with only the required
rights.
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
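
The quoting fix the reply points at, as an added example (not part of the original thread). The reply names quote_mysql; since the lookup in the question is pgsql, the operator of the same family for that lookup type, quote_pgsql, is used here. The authenticator name "plain_pgsql", the plaintext driver and the prompt setting are assumptions; the query and the $2/$3 variables are taken from the question.

```exim
# Added example. Authenticator name, driver and prompts are assumed;
# only the server_condition comes from the thread.
plain_pgsql:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :

  # As posted: the client-supplied username ($2) is expanded straight into
  # the SQL text, so a single quote in it ends the string literal and the
  # rest of the username is parsed as SQL.
  #
  # server_condition = ${if crypteq {$3}{${lookup pgsql {SELECT password FROM users WHERE username='$2'}}}{yes}{no}}

  # Quoted: ${quote_pgsql:...} escapes quote and backslash characters in the
  # username before it is placed inside the literal, so the whole value
  # stays data within username='...'.
  server_condition = ${if crypteq {$3}{${lookup pgsql {SELECT password \
      FROM users WHERE username='${quote_pgsql:$2}'}}}{yes}{no}}

# Independent of quoting, the database role used by the pgsql lookup only
# needs SELECT on the users table for this query.
```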