[Dovecot] Re: PATCH: Dovecot SASL authentication for Postfix
2.3-20051220
Timo Sirainen
tss at iki.fi
Fri Dec 23 20:01:42 EET 2005
On 23.12.2005, at 17:11, Wietse Venema wrote:
> - The authentication server protocol uses the TAB character as a
> delimiter, so it is critical that legitimate user names don't
> contain this character. This is of course trivial to ensure with
> the authentication server implementation, so I will not worry about
> it.
Oh, right. Actually the replies may contain \001 escaped characters:
\001 1 -> \001
\001 t -> TAB
\001 n -> LF
But in practice none of these should ever come. I haven't yet bothered
to make Dovecot itself even unescape these internally. Maybe that could
even be considered a feature. Usernames having TABs or LFs could cause
all kinds of other trouble.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20051223/f158d28d/PGP.pgp
More information about the dovecot
mailing list