On 2011-09-27 at 15:29 -0700, Brian Spraker wrote:
> public_name = PLAIN
This should be used by most things except Outlook.
> public_name = LOGIN
This is probably being used by Outlook.
> server_condition = ${lookup mysql{SELECT user_uid FROM horde_users WHERE
> user_uid="$1" AND user_pass="$2"}{1}fail}
This is a MySQL injection attack vector because you're not using
quote_mysql, as you do in the PLAIN case.
> Just not understanding why it is working for those using Outlook without any
> troubles - but it isn't working with the Android device and causing issues
> for one of my providers using PHP to send messages.
SASLprep normalisation by the Android client or Outlook, and not by the
other? Are the users using non-ASCII characters in their passwords?
Or lack of normalisation and non-ASCII characters and different
character sets in use.
-Phil
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
