[Mimedefang] Re: sql integration of quarantine and others
David F. Skoll
dfs at roaringpenguin.com
Wed Apr 4 09:32:22 EDT 2007
Jeff Rife wrote:

> Any "nasty characters" are never seen by the perl interpreter in the
> code example I gave.

Google "SQL injection"...

... but I see you already know about it.

> If you truly worry about SQL injection from the contents of a full
> e-mail message (which is highly unlikely),

Really? I expect that ' and ; are quite commonly seen in e-mail, so you
might not suffer an attack, but your SQL is quite likely to fail.

Regards,

David.
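
An added example, not part of the original message or of MIMEDefang: it shows the failure described above, where ordinary e-mail text containing ' and ; breaks a statement built by string interpolation, next to the same insert done with placeholders. It uses Python's sqlite3 as a stand-in database; the table, function names and sample message are constructed for illustration, and Perl DBI offers the same ? placeholder mechanism.

```python
import sqlite3

# Constructed sample: ordinary e-mail text that happens to contain ' and ;
SAMPLE_BODY = "Hi Bob; I can't make it today. Let's meet tomorrow; same place."


def open_quarantine_db():
    """In-memory stand-in for a quarantine database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE quarantine (id INTEGER PRIMARY KEY, sender TEXT, body TEXT)"
    )
    return db


def store_interpolated(db, sender, body):
    """Fragile form: the message text is pasted into the SQL statement itself."""
    sql = "INSERT INTO quarantine (sender, body) VALUES ('%s', '%s')" % (sender, body)
    try:
        db.execute(sql)
        return "stored"
    except sqlite3.Error as exc:
        # The first apostrophe in the body ends the string literal early.
        return "failed: %s" % exc


def store_parameterized(db, sender, body):
    """Placeholder form: the driver passes the text as data, never as SQL."""
    db.execute("INSERT INTO quarantine (sender, body) VALUES (?, ?)", (sender, body))
    return "stored"


def stored_bodies(db):
    """Return every stored body, oldest first."""
    return [row[0] for row in db.execute("SELECT body FROM quarantine ORDER BY id")]


if __name__ == "__main__":
    db = open_quarantine_db()
    print("interpolated: ", store_interpolated(db, "alice@example.com", SAMPLE_BODY))
    print("parameterized:", store_parameterized(db, "alice@example.com", SAMPLE_BODY))
    print(stored_bodies(db))
```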