similar to: Dovecot's MySQL authentication driver

2015 Feb 02
3
quote strings passed to sql
Hello list. I'm thinking to migrate the whole user db from system users to mysql. I already did it in a test environment, but something is annoying my OCD... I don't quote the variables username and password sent to the mysql server. I know, the mysql user that dovecot uses only has select rights, but it still bothers me, because it's possible to do a useless sql code injection. Is there a
2008 Mar 24
1
Authentication: Dovecot -> Vpopmail -> MySQL with one table per domain
Hi All, I am using Dovecot 1.0.13 with Vpopmail (Qmail Toaster current) backed by MySQL with one table per domain (--disable-many-domains). What I cannot figure out is how to have Dovecot authenticate to Vpopmail when Vpopmail uses one table per domain. Basically I need dynamic SQL in the Dovecot-sql.conf file. Currently I have: password_query = select pw_clear_passwd as password from
2007 Jan 29
3
How to prevent SQL injection
Hi, on my way home today I thought a little bit about my setup which involves user and password lookups in an SQL database (Postgres). I asked myself whether I need to do anything to prevent SQL injection via forged user or domain names. In the wiki I didn't find anything specific, only http://wiki.dovecot.org/Variables which mentions that there is the %E modifier which escapes single quotes
2015 Feb 02
1
quote strings passed to sql
> On 02.02.2015 at 18:07, Juan Bernhard wrote: >> Hello list. I'm thinking to migrate the whole user db from system users >> to mysql. I already did it in a test environment, but something is >> annoying my OCD... I don't quote the variables username and password >> sent to the mysql server. I know, the mysql user that dovecot uses only >> has select
2005 Jan 12
2
dovecot + mysql (complements)
Hi, I've done some supplementary tests with tcpdump. Apparently, with a login containing the % character, there's no query sent to MySQL. Do you know if the % character is filtered by dovecot? Thanks
2016 Mar 24
1
C5 MySQL injection attack ("Union Select")
On Thu, Mar 24, 2016 at 9:08 AM, Always Learning <centos at u64.u22.net> wrote: >> I can't stress enough, mysql-5.0 on el5 is absolutely not updated >> security wise. > > Thanks. Reading it now. Just to be clear: you absolutely should upgrade to a currently maintained version of MySQL. However, upgrading will not protect you from SQL injection attacks. The probes
2006 Jul 16
4
migrations questions: MySQL -> postgreSQL
I started my app before migrations were a best practice and have been using SQL scripts. Now I'm looking at potentially having to move from using MySQL to postgreSQL to use a particular hosting provider. I understand migrations are the way to go to make this 'easy' but it also looks like the use of migrations introduces extra work in other areas. I'd really
2016 Mar 24
4
C5 MySQL injection attack ("Union Select")
Valeri Galtsev wrote: > On Wed, March 23, 2016 10:21 pm, Always Learning wrote: >> mysql Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (x86_64) using >> readline 5.1 <snip>> > Indeed. There are several flaws in how mysql handles data. This is why to Ok, do you have a link or two to info about that? > the best of my ability I am trying to avoid mysql, and use
2016 Mar 24
10
C5 MySQL injection attack ("Union Select")
mysql Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (x86_64) using readline 5.1 I spotted something strange and immediately installed a routine to automatically impose an iptables block when the key used for database access is excessively long. My URL was something like this ...../...../.....php?key=123456 The injection was something like this
2018 Apr 25
7
[PATCH v4] fault-injection: introduce kvmalloc fallback options
On 04/25/2018 01:02 PM, Mikulas Patocka wrote: > > > From: Mikulas Patocka <mpatocka at redhat.com> > Subject: [PATCH v4] fault-injection: introduce kvmalloc fallback options > > This patch introduces a fault-injection option "kvmalloc_fallback". This > option makes kvmalloc randomly fall back to vmalloc. > > Unfortunately, some kernel code has bugs
2018 Apr 24
4
[PATCH v3] kvmalloc: always use vmalloc if CONFIG_DEBUG_SG
On Tue 24-04-18 13:28:49, Mikulas Patocka wrote: > > > On Tue, 24 Apr 2018, Michal Hocko wrote: > > > On Tue 24-04-18 13:00:11, Mikulas Patocka wrote: > > > > > > > > > On Tue, 24 Apr 2018, Michal Hocko wrote: > > > > > > > On Tue 24-04-18 11:50:30, Mikulas Patocka wrote: > > > > > > > > > >
2009 May 27
3
(no subject)
Hi, I use OpenLDAP for authentication. To authenticate, a full DN must be used as the user name, like "cn=jim,ou=users,dc=example,dc=com". There are several domains, like example2.com and example3.com. I want to use Dovecot with ldap and authentication binds. For testing I use "auth_bind_userdn = cn=%n,ou=users,dc=%d" and the user name must be provided as "jim at
2017 Jan 11
2
Dovecot and MariaDB/MySQL
Howdy - For most of my dovecot servers, they are small and I just use unix accounts. However I am going to be running a new server for more general users, webmail (probably roundcube but I'm hacking roundcube quite a bit, enough that I'm calling it squarepeg instead so users familiar with roundcube will know it is quite different) and it will use MariaDB for account management. I
2013 Apr 12
4
rails named scopes and sql injection
Hi guys, I just came across an example in the code of the place I work for that said something like this could be vulnerable to sql injection attacks: scope :with_name, lambda { |name| where("LOWER(name) LIKE ?", name.downcase) } I wonder if this is true. My thought is that rails should escape this and that anything that tried to do something different would fail on the translation
2016 Mar 24
3
C5 MySQL injection attack ("Union Select")
Valeri Galtsev wrote: > > On Thu, March 24, 2016 9:48 am, m.roth at 5-cent.us wrote: >> Valeri Galtsev wrote: >>> On Wed, March 23, 2016 10:21 pm, Always Learning wrote: >>>> mysql Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (x86_64) using >>>> readline 5.1 >> <snip>> >>> Indeed. There are several flaws in how mysql handles
2020 Mar 10
2
[RFC] Speculative Execution Side Effect Suppression for Mitigating Load Value Injection
Hi everyone, Some Intel processors have a newly disclosed vulnerability named Load Value Injection. One pager on Load Value Injection: https://software.intel.com/security-software-guidance/software-guidance/load-value-injection Deep dive on Load Value Injection: https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection I wrote this compiler pass that can
2006 Oct 19
2
[HVM][SVM][PATCH][2/2] Delay ExtInt Injection
Patch 2/2 - Add flag to indicate that an exception event needs injecting, and to delay the ext interrupt injection. Remove unnecessary check of RFLAGS.IF for ExtInt injection. Applies cleanly to xen-unstable c/s 11831. Please apply to xen-unstable.hg. We would also want this patch to be in a 3.0.3-1 base whenever that is branched. Signed-off-by: Travis Betak <travis.betak@amd.com>
2008 Aug 08
3
Auth message
Recently my network was scanned. Various services were scanned, and checking the logs of the mail server the following string drew my attention: mail dovecot: pop3-login: Disconnected: user=<ttejmgpfip>, method=PLAIN, rip=87.228.15.180, lip=x.x.x.x This looks weird to me, because pop3-login: Disconnected looks like a successful login attempt to me. No user named ttejmgpfip exists, ofc.
2017 Nov 29
2
Username character disallowed by auth_username_chars: 0x13
Hi, I'm receiving the following messages in my mail logs that I haven't seen before: Nov 28 22:45:31 bwipropemail dovecot: auth: login(?,179.210.41.21): Username character disallowed by auth_username_chars: 0x13 (username: AB?) Nov 28 22:45:31 bwipropemail dovecot: auth: login(?,179.210.41.21): Username character disallowed by auth_username_chars: 0x13 (username: AB?) There's