[Dovecot] Authentication: Dovecot -> Vpopmail - > MySQL with one table per domain
Timo Sirainen
tss at iki.fi
Fri Apr 25 03:08:10 EEST 2008
On Mon, 2008-03-24 at 10:44 -0700, James Nordstrom wrote:
> password_query = select pw_clear_passwd as password
> from %d where pw_name = '%n'
>
> Where %d is the name of the table. I can't use the
> exact domain name at it will not match the vpopmail
> format domainname_com. I would be happy to use some
> sort of sting builder but and not sure what my options
> are in the .conf file.
You could convert '.' to '_':
auth_username_translation = ._
But using %d directly in the SQL query is getting a bit dangerous. The
default auth_username_chars should make it safe, but if you add more
chars such as ';' and ' ' you'll have a potential SQL injection security
hole.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20080425/0d94343d/attachment-0001.bin
More information about the dovecot
mailing list