Displaying 2 results from an estimated 2 matches for "ddf75b48".
Did you mean:
d1fb5b48
2015 Feb 02
0
quote strings passed to sql
...@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20150202/ddf75b48/attachment.sig>
2015 Feb 02
3
quote strings passed to sql
Hello list. I'm thinking to migrate the hole user db from system users
to mysql. I already did it in a test environment, but something is
annoying my OCD... I don't quote the variables username and password
sent to the mysql server. I know, the mysql user that dovecot uses only
has select rights, but it stills bother me, because its possible to do
an useless sql code injection.
Is there a