2 Feb
2015
2 Feb
'15
7:07 p.m.
Hello list. I'm thinking to migrate the hole user db from system users to mysql. I already did it in a test environment, but something is annoying my OCD... I don't quote the variables username and password sent to the mysql server. I know, the mysql user that dovecot uses only has select rights, but it stills bother me, because its possible to do an useless sql code injection.
Is there a way to quote that? Something like exim's quote_mysql?
Saludos, Juan.