[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security hole in qmail-sql



Dear,

Alex Howansky found an important security hole in qmail-sql. Alex and I are
currently working on a patch to fix this problem. Meanwhile all users are 
strongly encouraged to make sure the userid that qmail-sql runs under does not
have any write/update abilities to the database. This also implies you'll need 
to disable the lastlogin update feature (checkpassword-sql) if you're using it.

Kind regards,
Michael Devogelaere.