Hi, I'm wonderig if dovecot have any mechanism which prevent sql injection? I didn't find anything about that. How can I escape inputs in sql query? Best regards.
On Wed, 2006-11-15 at 14:55 +0100, guard wrote:> I'm wonderig if dovecot have any mechanism which prevent sql injection? > I didn't find anything about that. How can I escape inputs in sql query?You could just connect read-only to the database. No? ciao Luca
Thierry de Montaudry
2006-Nov-15 19:41 UTC
[Dovecot] Dovecot's MySQL authentication driver
Hi, I'm using a specific SQL user for dovecot and postfix, and this user only has SELECT rights to the database. Works well. Regards, Thierry On Wed, 15 Nov 2006 14:55:17 +0100 (CET), guard wrote:>Hi, >I'm wonderig if dovecot have any mechanism which prevent sql injection? >I didn't find anything about that. How can I escape inputs in sql query?>Best regards.
Quoting guard:> I'm wonderig if dovecot have any mechanism which prevent sql injection?I didn't check deeper, but there's code which uses mysql's escape function. Should be even save without that, as long as you are not messing with auth_username_chars.