[Dovecot] Passing data safely in password_key?

Attila Nagy bra at fsn.hu
Sun Jul 28 14:49:22 EEST 2013


I would like to convert my custom POP/IMAP proxy to Dovecot's. In this 
proxy I do more than giving back user name, password and the host and I 
need extra information.
Luckily all of them are available as variables, but more than one comes 
as user input (like user name and cleartext password) and I'm not sure 
how to pass them safely.
Obviously I would need a separator, which is guaranteed not to show up 
either in user name and the cleartext password.
Should I use escape (%E) here, or is there a better way?

More information about the dovecot mailing list