search for: quote_mysql

...ying my OCD... I don't quote the variables username and password sent to the mysql server. I know, the mysql user that dovecot uses only has select rights, but it stills bother me, because its possible to do an useless sql code injection. Is there a way to quote that? Something like exim's quote_mysql? Saludos, Juan.

...es username and password >> sent to the mysql server. I know, the mysql user that dovecot uses only >> has select rights, but it stills bother me, because its possible to do >> an useless sql code injection. >> >> Is there a way to quote that? Something like exim's quote_mysql? > > there is not much to quote when dovecot accepts only a limited set of > chars at all and otherwise don't send any query > > auth_username_chars = > abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@% > auth_username_translation = > %@AaBbCcDdEeFfG...

...;t quote the variables username and password > sent to the mysql server. I know, the mysql user that dovecot uses only > has select rights, but it stills bother me, because its possible to do > an useless sql code injection. > > Is there a way to quote that? Something like exim's quote_mysql? there is not much to quote when dovecot accepts only a limited set of chars at all and otherwise don't send any query auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@% auth_username_translation = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYy...

# head -1 /etc/centos-release CentOS release 6.5 (Final) Anyone using exim with MySQL support from epel without compiling direct from sources? I installed both packages below from epel: Installing: exim x86_64 4.72-5.el6 epel 1.2 M exim-mysql x86_64 4.72-5.el6 epel 24 k # rpm -qa | grep exim exim-mysql-4.72-5.el6.x86_64