quote strings passed to sql
Juan Bernhard
juan at inti.gob.ar
Mon Feb 2 17:07:24 UTC 2015
Hello list. I'm thinking to migrate the hole user db from system users
to mysql. I already did it in a test environment, but something is
annoying my OCD... I don't quote the variables username and password
sent to the mysql server. I know, the mysql user that dovecot uses only
has select rights, but it stills bother me, because its possible to do
an useless sql code injection.
Is there a way to quote that? Something like exim's quote_mysql?
Saludos, Juan.
More information about the dovecot
mailing list