Ian Mitchell wrote: > 1. Tail maillog > 2. grep "user unknown" > 3. sed relay server > 4. insert into database "relay server" (which just happens to be spoofed > to include a "; drop database mysql" encoded in some obscure form)
Any time you use outside data, you have to sanitize it. You'd use normal careful programming techniques to avoid SQL injection; it's not that hard. Regards, David. _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
