On 2013-05-21, Cyborg <[email protected]> wrote: > Am 21.05.2013 10:53, schrieb Fabien Wang: > > just change the match from direct match to a indirect one: > > server_condition = "${if and { \ > {!eq{$1}{}} \ > {!eq{$2}{}} \ > {eq{1}{${lookup mysql{SELECT '1' FROM mailboxes WHERE > (domain =\ > '${domain:$1}' \ > AND password = sha1('$2') AND username = > '${local_part:$1}')}{$value}fail}} }} {yes}{no}}"
That's a recipe for SQL injection, -- ⚂⚃ 100% natural -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
