Re: [SECURITY] DoS attack on backend possible (was: Re:

Gavin Sherry wrote:

> As to your other point -- that this bug in the data/time code actually
> *reflects* the quality and reliability of the database itself -- you've
> really gone too far. The best software has bugs.

For example, in the current version of Oracle 9i, if a client (say
SQL*Plus) is running on a linux box and talking to Oracle running on a
Solaris box, executes the following:

create table foo(i integer primary key, bar blob);

... then later does ...

update foo set bar=empty_blob() where i = <some key value>

The Oracle server on Solaris crashes. *the whole thing* BANG!
Shot-to-the-head-dead. Not the user's client - the server.

This means that any user with the right to update a single table with a
blob can crash Oracle at will.

What does this say about Oracle's overall reliability?

As Gavin says all software has bugs. Most of PG's bugs are far less
spectacular than the Oracle bug I mention here.

Overall I rate PG and Oracle as being about equivalent in terms of bugs.

--
Don Baccus
Portland, OR
http://donb.photo.net, http://birdnotes.net, http://openacs.org