On Fri, Jul 07, 2006 at 03:48:00PM +0200, Marc Haber wrote:
> I am the maintainer of Debian's packages for exim4, a powerful and
> versatile Mail Transfer Agent developed in Cambridge and in wide use
> throughout the Free Software Community (http://www.exim.org/).
>
> One of our daemon flavours ha
[ Coming late to the thread... ]
Steve Atkins <[EMAIL PROTECTED]> writes:
> Fortunately all this stuff is MUA-side, not MTA-side, so exim
> should ignore it. SQL_ASCII all the way.
I concur. The recent encoding fixes are for the situation where the
database server believes a multibyte encoding i
On Jul 11, 2006, at 6:29 PM, Bruno Wolff III wrote:
SQL_ASCII may also be an option (assign no special meaning to
characters at all), but I'm less sure of that. Can email address
contain multibyte characters? I didn't think so...
E-Mail addresses themselves can't, but the "comment" field of an
> > SQL_ASCII may also be an option (assign no special meaning to
> > characters at all), but I'm less sure of that. Can email address
> > contain multibyte characters? I didn't think so...
>
> E-Mail addresses themselves can't, but the "comment" field of an
> address can.
The comment field itself
Marc Haber wrote:
> Please note that exim is so flexible that it is possible to implement
> mail spool storage in an SQL database. In this case, we'd write data
> which originated in an untrusted source to the database, not knowing
> about encoding at all.
If you are going to store things in mult
On Sun, Jul 09, 2006 at 06:16:48PM +0200, Marc Haber wrote:
> > I'd suggest adding a PQsetClientEncoding(conn, "Latin1") right after
> > you establish a connection. I'm not sure if Exim has any kind of
> > declaration about what encoding strings have internally.
>
> No, it does not.
That's your f
* Martijn van Oosterhout:
> * If application always sends untrusted strings as out-of-line
> parameters, instead of embedding them into SQL commands, it is not
> vulnerable.
This paragraph should explicitly mention PQexecParams (which everybody
should use anyway).
It seems that Exim's archite
Hi,
On Fri, Jul 07, 2006 at 05:15:11PM +0200, Martijn van Oosterhout wrote:
> On Fri, Jul 07, 2006 at 03:48:00PM +0200, Marc Haber wrote:
> > From what I understand, the correct way would be to use
> > PQescapeStringConn, but that function needs an established connection,
> > and exim performs str
On Fri, Jul 07, 2006 at 04:53:14PM +0200, Martijn van Oosterhout wrote:
> On Fri, Jul 07, 2006 at 03:48:00PM +0200, Marc Haber wrote:
> > I am the maintainer of Debian's packages for exim4, a powerful and
> > versatile Mail Transfer Agent developed in Cambridge and in wide use
> > throughout the Fr
On Fri, Jul 07, 2006 at 03:48:00PM +0200, Marc Haber wrote:
> From what I understand, the correct way would be to use
> PQescapeStringConn, but that function needs an established connection,
> and exim performs string escape "early", way before the actual
> connection is established.
I just downlo
On Fri, Jul 07, 2006 at 03:48:00PM +0200, Marc Haber wrote:
> Hi,
>
> I am the maintainer of Debian's packages for exim4, a powerful and
> versatile Mail Transfer Agent developed in Cambridge and in wide use
> throughout the Free Software Community (http://www.exim.org/).
>
> One of our daemon fl
Hi,
I am the maintainer of Debian's packages for exim4, a powerful and
versatile Mail Transfer Agent developed in Cambridge and in wide use
throughout the Free Software Community (http://www.exim.org/).
One of our daemon flavours has PostgreSQL support. Our security guys
have found a flaw in exim
12 matches