[Vmail-discuss] Security note for exim and MySQL
Paul Warren
pdw@xxxxxxxxxxxxx
Sun, 11 Nov 2001 21:09:35 +0000
On Sun, Nov 11, 2001 at 01:45:06PM -0600, Eric Renfro wrote:
> Just in case, I noticed from the documentation of vmail-sql, and
> exim's setup:
>
> mysql_servers = host/user/pass
>
> This alone, is insecure, and should be prepended with the hide
> directive to look more like:
>
> hide mysql_servers = host/user/pass
>
> This will hide that from even just running exim -bP, which any user
> could normally run, regardless if they have read access to the conf
> file of exim.
Good point - thanks for that. Is this option a recent addition to exim?
Our 3.13 installation doesn't seem to support it.
Paul