[prev in list] [next in list] [prev in thread] [next in thread] 

List:       exim-users
Subject:    Re: [exim] deferring mysql lockups
From:       David Saez Padros <david () ols ! es>
Date:       2006-01-31 19:54:06
Message-ID: 43DFC05E.5010405 () ols ! es
[Download RAW message or body]

Hi !!

>> when a message is temporary rejected due to a failed mysql query
>> (i.e. when there are too many mysql connections) the 4xx error
>> returned to the client includes the whole mysql query, which can
>> reveal sensitive data to the remote party, maybe it will be better
>> to just return the mysql error without the query or to be able to
>> define a global error message to use in that circunstances.
> 
> That should be 'controllable' in your own settings.
> 
> Are you specifying a 'message =' or leaving it to the
> defaults?

'message' is only used if the condition fails but not when it
defers, when it defers the 4xx messages says:

failed to expand "${lookup mysql {SELECT ...}": lookup of "SELECT ..."
gave DEFER: MYSQL connection failed: Too many connections

and in general any expand failure gives all the data to the remote
party revealing in that case the database structure (at least) and
in other cases it could also reveal other kind of sensitive data.
This is the only thing i really dislike from exim

-- 
Best regards ...

----------------------------------------------------------------
    David Saez Padros                http://www.ols.es
    On-Line Services 2000 S.L.       e-mail  david@ols.es
    Pintor Vayreda 1                 telf    +34 902 50 29 75
    08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------



-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
[prev in list] [next in list] [prev in thread] [next in thread]