[courier-users] Re: Does Courier Imap or Courier Pop handle ' or " strangely in passwords? - Sam Varshavchik - net.sourceforge.lists.courier-users

5 messages in net.sourceforge.lists.courier-users[courier-users] Re: Does Courier Imap...

From	Sent On	Attachments
David Ehle	Jan 6, 2002 5:59 pm
Phil Brutsche	Jan 6, 2002 7:24 pm
Sam Varshavchik	Jan 6, 2002 7:48 pm
Duncan Hill	Jan 6, 2002 8:00 pm
David Ehle	Jan 6, 2002 8:51 pm

Subject:	[courier-users] Re: Does Courier Imap or Courier Pop handle ' or " strangely in passwords?
From:	Sam Varshavchik (mrs...@courier-mta.com)
Date:	Jan 6, 2002 7:48:40 pm
List:	net.sourceforge.lists.courier-users

David Ehle writes:

Sam, can you or anyone else think of any way that Courier IMAP could be upset by having a " or a ' in the password? The same accounts and passwords work fine with other IMAP clients such as Pine, Netscape and Outlook/OE.

No, not for passwords. Only for userids, with some authentication modules. I don't recall offhand the nitty-gritty details, but I think that its feasible that authmysql and authpgsql might throw out quotes and apostrophes in the userid string, since that has to form an sql statement, and apostrophes or quotes could be used to inject hostile SQL.

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets