[Dovecot] Passing data safely in password_key?
Attila Nagy
bra at fsn.hu
Mon Jul 29 10:22:00 EEST 2013
On 07/28/13 13:49, Attila Nagy wrote:
> Hi,
>
> I would like to convert my custom POP/IMAP proxy to Dovecot's. In this
> proxy I do more than giving back user name, password and the host and
> I need extra information.
> Luckily all of them are available as variables, but more than one
> comes as user input (like user name and cleartext password) and I'm
> not sure how to pass them safely.
> Obviously I would need a separator, which is guaranteed not to show up
> either in user name and the cleartext password.
> Should I use escape (%E) here, or is there a better way?
>
Just for the record, this is what I use currently:
password_key = dovecot/passdb^MAuth-User: %u^MAuth-Pass:
%w^MAuth-Protocol: %s^M
Client-IP: %r^M
More information about the dovecot
mailing list