author Jeremy Harris <jgh146exb@wizmail.org> 2020-01-19 17:22:58 +0000
committer Jeremy Harris <jgh146exb@wizmail.org> 2020-01-20 16:44:49 +0000
commit 8c2a478b1f6f8c3fb43317c1e6729b23a3b972b7
tree 70c498d5a27168452c6897190e04e36ed8623eed /doc
parent c8b050fd148ef06666c1f6feaa492d122f65e23e
Support "hide" on named-list definition lines
Diffstat (limited to 'doc')
-rw-r--r-- doc/doc-docbook/spec.xfpt 13
-rw-r--r-- doc/doc-txt/NewStuff 13
2 files changed, 21 insertions, 5 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index d65e4d950..ed0053777 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -8300,6 +8300,19 @@ domainlist dom2 = !a.b : *.b
where &'x.y'& does not match. It's best to avoid negation altogether in
referenced lists if you can.
+.new
+.cindex "hiding named list values"
+.cindex "named lists" "hiding value of"
+Some named list definitions may contain sensitive data, for example, passwords for
+accessing databases. To stop non-admin users from using the &%-bP%& command
+line option to read these values, you can precede the definition with the
+word &"hide"&. For example:
+.code
+hide domainlist filter_for_domains = ldap;PASS=secret ldap::/// ...
+.endd
+.wen
+
+
Named lists may have a performance advantage. When Exim is routing an
address or checking an incoming message, it caches the result of tests on named
lists. So, if you have a setting such as
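Review bot: The new paragraph between .new and .wen describes only the -bP path and leaves the reader to infer the limits of "hide". It says the word stops non-admin users from reading the value with -bP, but the example puts PASS=secret literally in the configuration, so the secret is still exposed to anyone who can read that file. Suggest adding a sentence stating that "hide" affects -bP output only and that the configuration file's own permissions must still restrict read access, plus a note on what a non-admin user sees in place of the value. Minor: two blank lines are added after .wen where the surrounding text uses one.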
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index f5421a7f2..e21446533 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -17,16 +17,19 @@ Version 4.94
3. A msg:defer event.
- 4. Client-side support in the gsasl authenticator. Tested against the plaintext
- driver for PLAIN; only against itself for SCRAM-SHA-1 and SCRAM-SHA-1-PLUS
- methods.
+ 4. Client-side support in the gsasl authenticator. Tested against the
+ plaintext driver for PLAIN; only against itself for SCRAM-SHA-1 and
+ SCRAM-SHA-1-PLUS methods.
- 5. Server-side support in the gsasl authenticator for encrypted passwords, as an
- alternate for the existing plaintext.
+ 5. Server-side support in the gsasl authenticator for encrypted passwords, as
+ an alternate for the existing plaintext.
6. Variable $local_part_verified, set by the router check_local_part condition
with untainted data.
+ 7. Named-list definitions can now be prefixed "hide" so that "-bP" commands do
+ not output the content. Previously this could only be done on options.
+
Version 4.93
------------
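Review bot: Item 7 reads as if the content is suppressed for every -bP invocation ("so that "-bP" commands do not output the content"), while the spec.xfpt text in the same commit scopes this to non-admin users. Suggest wording it as "so that "-bP" commands run by non-admin users do not output the content" so the two documents agree and an admin does not expect the value to be hidden from them as well. Separately, the re-wrapping of items 4 and 5 is whitespace-only churn unrelated to the "hide" feature; it would be easier to review and to backport as its own commit.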