23 Dec
2005
23 Dec
'05
8:01 p.m.
On 23.12.2005, at 17:11, Wietse Venema wrote:
- The authentication server protocol uses the TAB character as a delimiter, so it is critical that legitimate user names don't contain this character. This is of course trivial to ensure with the authentication server implementation, so I will not worry about it.
Oh, right. Actually the replies may contain \001 escaped characters:
\001 1 -> \001 \001 t -> TAB \001 n -> LF
But in practice none of these should ever come. I haven't yet bothered to make Dovecot itself even unescape these internally. Maybe that could even be considered a feature. Usernames having TABs or LFs could cause all kinds of other trouble.