Skip site navigation (1) Skip section navigation (2)

Re: [HACKERS] Query cancel and OOB data (fwd)

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us>
Cc: hackers(at)postgreSQL(dot)org (PostgreSQL-development)
Subject: Re: [HACKERS] Query cancel and OOB data (fwd)
Date: 1998-05-26 23:14:51
Message-ID: 11838.896224491@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us> writes:
>> However, if they are already snooping, how much harder
>> is it for them to insert their own query into the tcp stream?

> Can someone answer this for me?

Well, that depends entirely on what your threat model is --- for
example, someone with read access on /dev/kmem on a relay machine
might be able to watch packets going by, yet not be able to inject
more.  On the other hand, someone with root privileges on another
machine on your local LAN could likely do both.

My guess is that most of the plausible cases that allow one also
allow the other.  But it's only a guess.

			regards, tom lane

Responses

pgsql-hackers by date

Next:From: Tom LaneDate: 1998-05-26 23:24:20
Subject: Re: [HACKERS] Time to fix libpgtcl for async NOTIFY
Previous:From: Massimo Dal ZottoDate: 1998-05-26 21:36:20
Subject: Re: [HACKERS] Time to fix libpgtcl for async NOTIFY

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group