Also since this is table lookup and AFAIK postfix doesn't have to
write anything on it, so you can give SELECT only right.
Least privileges are the key...
So even if there is a clever guy that found a way to escape and send
SQL injection he can never insert something.. end of the game for this
guy...
Yes, im using socket auth with only select privileges but i still would
not want someone having read access to user data. Not sure if there is a
way to for an attacker to have data parsed back to them same like in a
browser with PHP injections. But i don't know what i don't know so i
assume it might be possible.
I am really loving the new socket auth so i no longer have plain text
passwords stored in /etc/postfix/ files, the sql user doesn't even have
a password set.
