From: | Justin Clift <justin(at)postgresql(dot)org> |
---|---|
To: | Florian Weimer <Weimer(at)CERT(dot)Uni-Stuttgart(dot)DE> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: [SECURITY] DoS attack on backend possible |
Date: | 2002-08-19 17:07:30 |
Message-ID: | 3D6125D2.E4E3A9C5@postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers pgsql-hackers |
Hi Florian,
You guys *definitely* write scarey code.
:-(
Regards and best wishes,
Justin Clift
Florian Weimer wrote:
>
> Alvar Freude <alvar(at)a-blast(dot)org> writes:
>
> >> What about checking the input for backslash, quote,
> >> and double quote (\'")? If you are not taking care of those in input
> >> then crashing the backend is going to be the least of your worries.
> >
> > with Perl and *using placeholders and bind values*, the application
> > developer has not to worry about this. So, usually I don't check the
> > values in my applications (e.g. if only values between 1 and 5 are
> > allowed and under normal circumstances only these are possible), it's the
> > task of the database (check constraint).
>
> That's the idea. It's the job of the database to guarantee data
> integrety.
>
> Obviously, the PostgreSQL developers disagree. If I've got to do all
> checking in the application anyway, I can almost use MySQL
> instead. ;-)
>
> --
> Florian Weimer Weimer(at)CERT(dot)Uni-Stuttgart(dot)DE
> University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
> RUS-CERT fax +49-711-685-5898
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
> (send "unregister YourEmailAddressHere" to majordomo(at)postgresql(dot)org)
--
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
From | Date | Subject | |
---|---|---|---|
Next Message | Florian Weimer | 2002-08-19 17:14:18 | Re: [SECURITY] DoS attack on backend possible |
Previous Message | Florian Weimer | 2002-08-19 16:59:00 | Re: [SECURITY] DoS attack on backend possible |
From | Date | Subject | |
---|---|---|---|
Next Message | Florian Weimer | 2002-08-19 17:14:18 | Re: [SECURITY] DoS attack on backend possible |
Previous Message | Florian Weimer | 2002-08-19 16:59:00 | Re: [SECURITY] DoS attack on backend possible |