Mailing List Archive: [Bug 3066] tainted search query is not properly quoted discloses mysql password

https://bugs.exim.org/show_bug.cgi?id=3066

Jasen Betts <jasen@treshna.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |jasen@treshna.com

--- Comment #9 from Jasen Betts <jasen@treshna.com> ---
that lookup syntax is not current, that is obsolete syntax.

The password should not be inside the {} containing the query.

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

https://bugs.exim.org/show_bug.cgi?id=3066

Jeremy Harris <jgh146exb@wizmail.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |WAIT_FIX_CONFIRMATION

--- Comment #10 from Jeremy Harris <jgh146exb@wizmail.org> ---
f2738aab2d72 adds code to drop the username/password for the DB access,
when the deprecated syntax for specifying a DB server with the query is used.

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/