[Dovecot] Dovecot's MySQL authentication driver

guard guard at uptime.pl
Thu Nov 16 08:41:16 UTC 2006

On Thu, 16 Nov 2006, Robin Elfrink wrote:

> Egbert Jan wrote:
>> I've taken this even further: I have separate 'users' for postfix,
>> postfixadmin (web frontend for virtual users/domains) and dovecot. Each
>> *might* need specific rights.
> Using restricted user rights and chroots and what not does not prevent
> SQL injection in any way.


But until
auth_username_chars = 
is set, and default_pass_scheme won't be PLAIN we are secure against sql 
injection. Right?

I have also found %E varible - escape '"', "'" and '\' characters by 
inserting '\' before them, but how can I use it for escape characters
from %u?

Best Regards.

More information about the dovecot mailing list