| From: | Florian Weimer <Weimer(at)CERT(dot)Uni-Stuttgart(dot)DE> |
|---|---|
| To: | Justin Clift <justin(at)postgresql(dot)org> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [SECURITY] DoS attack on backend possible (was: Re: |
| Date: | 2002-08-11 15:00:40 |
| Message-ID: | 87fzxl5tk7.fsf@CERT.Uni-Stuttgart.DE |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
Justin Clift <justin(at)postgresql(dot)org> writes:
> Is it possible to crash a 7.2.1 backend without having an entry in the
> pg_hba.conf file?
No, but think of web applications and things like that. The web
frontend might pass in a date string which crashes the server backend.
Since the crash can be triggered by mere data, an attacker does not
have to be able to send specific SQL statements to the server.
--
Florian Weimer Weimer(at)CERT(dot)Uni-Stuttgart(dot)DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Justin Clift | 2002-08-11 16:26:56 | Re: [SECURITY] DoS attack on backend possible (was: Re: |
| Previous Message | Tom Lane | 2002-08-11 14:59:08 | Re: pgsql-server/ oc/src/sgml/ref/cluster.sgml rc/ ... |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2002-08-11 15:01:16 | Re: CREATE OR REPLACE TRIGGER |
| Previous Message | Tom Lane | 2002-08-11 14:44:17 | Re: stand-alone composite types patch (was [HACKERS] Proposal: |