Re: [HACKERS] Query cancel and OOB data

From: Tom Ivar Helbekkmo <tih+mail(at)Hamartun(dot)Priv(dot)NO>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us>, byronn(at)insightdist(dot)com, hackers(at)postgreSQL(dot)org
Subject: Re: [HACKERS] Query cancel and OOB data
Date: 1998-05-24 18:47:01
Message-ID: 8667iv5wwq.fsf@barsoom.Hamartun.Priv.NO
Lists: pgsql-hackers

Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:

> on the other hand, a packet sniffer can also grab your password,
> make his own connection to the server, and wreak much more havoc
> than just issuing a cancel. I don't see that this adds any
> vulnerability that wasn't there before.

Ahem. Not true for those of us who use Kerberos authentication.
We never send our passwords over the network, instead using them
as (part of) a key that's used to encrypt other data.

-tih
--
Popularity is the hallmark of mediocrity. --Niles Crane, "Frasier"
