[Dovecot] Passing data safely in password_key?

Attila Nagy bra at fsn.hu
Mon Jul 29 10:22:00 EEST 2013

On 07/28/13 13:49, Attila Nagy wrote:
> Hi,
> I would like to convert my custom POP/IMAP proxy to Dovecot's. In this 
> proxy I do more than giving back user name, password and the host and 
> I need extra information.
> Luckily all of them are available as variables, but more than one 
> comes as user input (like user name and cleartext password) and I'm 
> not sure how to pass them safely.
> Obviously I would need a separator, which is guaranteed not to show up 
> either in user name and the cleartext password.
> Should I use escape (%E) here, or is there a better way?
Just for the record, this is what I use currently:
password_key = dovecot/passdb^MAuth-User: %u^MAuth-Pass: 
%w^MAuth-Protocol: %s^M
Client-IP: %r^M

More information about the dovecot mailing list