| From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
|---|---|
| To: | Martin Pitt <martin(at)piware(dot)de> |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: Fwd: Infinite recursion in function causes DoS |
| Date: | 2004-03-26 20:53:17 |
| Message-ID: | 20040326205317.GF20194@wolff.to |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Thu, Mar 25, 2004 at 12:25:33 +0100,
Martin Pitt <martin(at)piware(dot)de> wrote:
>
> Either way, this situation leads to a DoS of the database system or the
> entire machine. Since any user with enough privileges to access the
> database can create and execute functions, this raises a slight security
> concern.
It is going to be very difficult to prevent authorized postgres users
from DOSing the server. While fixing this issue will make it harder
to accidentally shoot ones self in the foot, you cannot expect to give
untrusted users access to postgres and have the server be secure from
DOS attacks.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruno Wolff III | 2004-03-26 20:56:42 | Re: Fwd: Default pg_autovacuum config glitches |
| Previous Message | PostgreSQL Bugs List | 2004-03-26 19:13:05 | BUG #1117: Time calculation from epoch is 12 hours out |