On Mon, 2013-07-29 at 09:22 +0200, Attila Nagy wrote:
On 07/28/13 13:49, Attila Nagy wrote:
Hi,
I would like to convert my custom POP/IMAP proxy to Dovecot's. In this proxy I do more than giving back user name, password and the host and I need extra information. Luckily all of them are available as variables, but more than one comes as user input (like user name and cleartext password) and I'm not sure how to pass them safely. Obviously I would need a separator, which is guaranteed not to show up either in user name and the cleartext password. Should I use escape (%E) here, or is there a better way?
Just for the record, this is what I use currently: password_key = dovecot/passdb^MAuth-User: %u^MAuth-Pass: %w^MAuth-Protocol: %s^M Client-IP: %r^M
I have no idea what you're talking about. What is password_key? The password that is being sent to the backend IMAP/POP3 server?