[Dovecot] Passing data safely in password_key?
Attila Nagy
bra at fsn.hu
Fri Aug 2 23:32:00 EEST 2013
On 08/02/2013 02:32 PM, Timo Sirainen wrote:
> On Mon, 2013-07-29 at 09:22 +0200, Attila Nagy wrote:
>> On 07/28/13 13:49, Attila Nagy wrote:
>>> Hi,
>>>
>>> I would like to convert my custom POP/IMAP proxy to Dovecot's. In this
>>> proxy I do more than giving back user name, password and the host and
>>> I need extra information.
>>> Luckily all of them are available as variables, but more than one
>>> comes as user input (like user name and cleartext password) and I'm
>>> not sure how to pass them safely.
>>> Obviously I would need a separator, which is guaranteed not to show up
>>> either in user name and the cleartext password.
>>> Should I use escape (%E) here, or is there a better way?
>>>
>> Just for the record, this is what I use currently:
>> password_key = dovecot/passdb^MAuth-User: %u^MAuth-Pass:
>> %w^MAuth-Protocol: %s^M
>> Client-IP: %r^M
> I have no idea what you're talking about. What is password_key? The
> password that is being sent to the backend IMAP/POP3 server?
>
>
RTFM? ;)
http://wiki2.dovecot.org/AuthDatabase/Dict?highlight=%28password_key%29
More information about the dovecot
mailing list