Re: [SECURITY] DoS attack on backend possible (was: Re:

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Gavin Sherry <swm(at)linuxworld(dot)com(dot)au>
Cc: Justin Clift <justin(at)postgresql(dot)org>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: [SECURITY] DoS attack on backend possible (was: Re:
Date: 2002-08-12 05:09:43
Message-ID: 200208120509.g7C59ho14822@candle.pha.pa.us
Lists: pgsql-committers pgsql-hackers


Yea, I added that TODO entry, and I am embarrassed that a single cash_out
call could crash the backend. I thought about not making this public
knowledge, but making it public hasn't marshalled any forces to fix it
so maybe I was wrong to put it on TODO.

---------------------------------------------------------------------------

Gavin Sherry wrote:
> On Mon, 12 Aug 2002, Justin Clift wrote:
>
> > Hi Chris,
> >
> > Christopher Kings-Lynne wrote:
> > >
> > <snip>
> > > Still, I believe this should require a 7.2.2 release. Imagine a university
> > > database server for a course for example - the students would just crash it
> > > all the time.
> >
> > Hey yep, good point.
> >
> > Is this the only way that we know of non postgresql-superusers to be
> > able to take out the server other than by extremely non-optimal,
> > resource wasting queries?
> >
>
> Check the TODO:
>
> You are now connected as new user s.
> template1=> select cash_out(2);
> server closed the connection unexpectedly
> This probably means the server terminated abnormally
> before or while processing the request.
> The connection to the server was lost. Attempting reset: Failed.
> !> \q
> [swm(at)laptop a]$ bin/psql template1
> psql: could not connect to server: Connection refused
> Is the server running locally and accepting
> connections on Unix domain socket "/tmp/.s.PGSQL.3987"?
> [swm(at)laptop a]$
>
> ---
>
> Gavin

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
