| From: | Florian Weimer <Weimer(at)CERT(dot)Uni-Stuttgart(dot)DE> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [SECURITY] DoS attack on backend possible (was: Re: |
| Date: | 2002-08-12 08:23:29 |
| Message-ID: | 874re04ha6.fsf@CERT.Uni-Stuttgart.DE |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
Mike Mascari <mascarm(at)mascari(dot)com> writes:
> I'd still think it would be a good policy to make a security release.
> However, without user resource limits in PostgreSQL, anyone can make a
> machine useless with a query like:
>
> SELECT *
> FROM pg_class a, pg_class b, pg_class c, pg_class d, pg_class e, ... ;
But this requires to be able to send arbitrary SQL commands; just
feeding a specially crafted date string usually does not.
--
Florian Weimer Weimer(at)CERT(dot)Uni-Stuttgart(dot)DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gavin Sherry | 2002-08-12 08:27:27 | Re: [SECURITY] DoS attack on backend possible (was: Re: |
| Previous Message | Florian Weimer | 2002-08-12 08:19:19 | Re: [SECURITY] DoS attack on backend possible (was: Re: |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gavin Sherry | 2002-08-12 08:27:27 | Re: [SECURITY] DoS attack on backend possible (was: Re: |
| Previous Message | Florian Weimer | 2002-08-12 08:19:19 | Re: [SECURITY] DoS attack on backend possible (was: Re: |