Hi,
On my way home today I thought a little bit about my setup, which involves user and password lookups in an SQL database (Postgres). I asked myself whether I need to do anything to prevent SQL injection via forged user or domain names.
In the wiki I didn't find anything specific, only http://wiki.dovecot.org/Variables which mentions that there is the %E modifier which escapes single quotes and backslashes. This appears to be a good idea but I am asking myself whether I need to do this since it is not mentioned anywhere. Is anybody able to comment on this?
And BTW, it appears that one can use several modifiers at once. This is only implicitly mentioned in the wiki (You can apply modifier*s*), but it appears to work.
J.
Ultimately, the Millenium Dome is a spectacular monument of the doublethink of our times. [Agree] [Disagree] http://www.slowlydownward.com/NODATA/data_enter2.html
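
Added example, not part of the original message and not Dovecot's own code: a small Python model of expanding `%u`, `%n` and `%d` with stacked `L`, `U` and `E` modifiers into a query template, showing what reaches the string literal with and without `%E`. Assumptions: `E` prefixes `'` and `\` with a backslash, modifiers apply left to right, the server reads backslash as an escape character inside literals, and the query template and login name are constructed.

```python
import re

# Modifiers modelled here: L (lowercase), U (uppercase), E (escape).
# Assumption: E prefixes ' and \ with a backslash, per the wiki's description.
MODS = {
    "L": str.lower,
    "U": str.upper,
    "E": lambda s: re.sub(r"(['\\])", r"\\\1", s),
}

def expand(template, user):
    """Expand %u, %n, %d with any run of stacked modifiers, e.g. %LEu."""
    name, _, domain = user.partition("@")
    values = {"u": user, "n": name, "d": domain}

    def repl(m):
        value = values[m.group(2)]
        for mod in m.group(1):  # assumed order: left to right
            value = MODS[mod](value)
        return value

    return re.sub(r"%([LUE]*)([und])", repl, template)

def first_literal(query):
    """Decode the first '...' literal, treating backslash as an escape
    character (assumed server behaviour)."""
    out, i = [], query.index("'") + 1
    while i < len(query) and query[i] != "'":
        if query[i] == "\\" and i + 1 < len(query):
            i += 1  # drop the escape character, keep the escaped one
        out.append(query[i])
        i += 1
    return "".join(out)

# Constructed templates and login name, not from a real configuration.
TEMPLATE_RAW = "SELECT password FROM users WHERE userid = '%Lu'"
TEMPLATE_ESC = "SELECT password FROM users WHERE userid = '%LEu'"
LOGIN = "O'Neil\\x@Example.org"  # contains a single quote and a backslash

if __name__ == "__main__":
    for template in (TEMPLATE_RAW, TEMPLATE_ESC):
        query = expand(template, LOGIN)
        print(query, "->", repr(first_literal(query)))
```

With the escaped template the literal decodes back to the full lowercased login name; with the raw template the literal ends at the first quote and the rest of the name is parsed as SQL.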