[Dovecot] Passing data safely in password_key?
Timo Sirainen
tss at iki.fi
Fri Aug 2 15:32:42 EEST 2013
On Mon, 2013-07-29 at 09:22 +0200, Attila Nagy wrote:
> On 07/28/13 13:49, Attila Nagy wrote:
> > Hi,
> >
> > I would like to convert my custom POP/IMAP proxy to Dovecot's. In this
> > proxy I do more than giving back user name, password and the host and
> > I need extra information.
> > Luckily all of them are available as variables, but more than one
> > comes as user input (like user name and cleartext password) and I'm
> > not sure how to pass them safely.
> > Obviously I would need a separator, which is guaranteed not to show up
> > either in user name and the cleartext password.
> > Should I use escape (%E) here, or is there a better way?
> >
> Just for the record, this is what I use currently:
> password_key = dovecot/passdb^MAuth-User: %u^MAuth-Pass:
> %w^MAuth-Protocol: %s^M
> Client-IP: %r^M
I have no idea what you're talking about. What is password_key? The
password that is being sent to the backend IMAP/POP3 server?
More information about the dovecot
mailing list