[Mimedefang] Re: sql integration of quarantine and others

David F. Skoll dfs at roaringpenguin.com
Wed Apr 4 09:32:22 EDT 2007


Jeff Rife wrote:

> Any "nasty characters" are never seen by the perl interpreter in the 
> code example I gave.

Google "SQL injection"...

... but I see you already know about it.

> If you truly worry about SQL injection from the contents of a full
> e-mail message (which is highly unlikely),

Really?  I expect that ' and ; are quite commonly seen in e-mail, so you
might not suffer an attack, but your SQL is quite likely to fail.

Regards,

David.
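
The failure mode described above, as an added example that is not part of the original post or of the code discussed in the thread: ordinary mail text containing ' and ; breaks an interpolated INSERT, while DBI placeholders store it unchanged. The `quarantine` table, its columns, the in-memory SQLite database (via DBD::SQLite) and the sample messages are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# In-memory SQLite stands in for the real quarantine database (assumption).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE quarantine (sender TEXT, body TEXT)');

# Constructed sample messages: everyday mail text, no attack intended.
my @mail = (
    [ 'alice@example.com', "Lunch at noon?" ],
    [ 'bob@example.com',   "I can't make it; let's move to Friday." ],
    [ 'carol@example.com', "O'Brien's report is attached; see section 2." ],
);

# Interpolated SQL: the message body becomes part of the statement text,
# so an apostrophe in the body ends the string literal early.
sub store_interpolated {
    my ($sender, $body) = @_;
    my $ok = eval {
        $dbh->do("INSERT INTO quarantine (sender, body) VALUES ('$sender', '$body')");
        1;
    };
    return $ok ? 1 : 0;
}

# Placeholders: the statement text is fixed and the values are bound
# separately, so the driver never parses the body as SQL.
sub store_bound {
    my ($sender, $body) = @_;
    my $ok = eval {
        $dbh->do('INSERT INTO quarantine (sender, body) VALUES (?, ?)',
                 undef, $sender, $body);
        1;
    };
    return $ok ? 1 : 0;
}

for my $m (@mail) {
    my ($sender, $body) = @$m;
    printf "%-20s interpolated=%-6s bound=%s\n", $sender,
        store_interpolated($sender, $body) ? 'ok' : 'FAILED',
        store_bound($sender, $body)        ? 'ok' : 'FAILED';
}

my ($rows) = $dbh->selectrow_array('SELECT COUNT(*) FROM quarantine');
print "rows stored: $rows\n";
```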


