I've taken this even further: I have separate 'users' for postfix, postfixadmin (web frontend for virtual users/domains) and dovecot. Each *might* need specific rights.
Egbert Jan
-----Original Message----- From: dovecot-bounces@dovecot.org [mailto:dovecot-bounces@dovecot.org] On Behalf Of Thierry de Montaudry Sent: Wednesday, November 15, 2006 8:42 PM To: dovecot@dovecot.org; guard Subject: Re: [Dovecot] Dovecot's MySQL authentication driver
Hi,
I'm using a specific SQL user for dovecot and postfix, and this user only has SELECT rights to the database. Works well.
Regards,
Thierry
On Wed, 15 Nov 2006 14:55:17 +0100 (CET), guard wrote:
Hi, I'm wonderig if dovecot have any mechanism which prevent sql injection? I didn't find anything about that. How can I escape inputs in sql query?
Best regards.