On Fri, Jul 07, 2006 at 03:48:00PM +0200, Marc Haber wrote: > From what I understand, the correct way would be to use > PQescapeStringConn, but that function needs an established connection, > and exim performs string escape "early", way before the actual > connection is established.
I just downloaded the code and looked. The code never looks or checks the encoding of the database. This is bad from a security point of view because that means you have no idea how your queries are going to be interpreted. I'd suggest adding a PQsetClientEncoding(conn, "Latin1") right after you establish a connection. I'm not sure if Exim has any kind of declaration about what encoding strings have internally. You could use UTF-8 but then postgres would complain if you pass any strings that arn't valid UTF-8. They may or may not be desirable. SQL_ASCII may also be an option (assign no special meaning to characters at all), but I'm less sure of that. Can email address contain multibyte characters? I didn't think so... What about the configuration file? Hope this helps, -- Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/ > From each according to his ability. To each according to his ability to > litigate.
signature.asc
Description: Digital signature
