| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | hackers(at)postgreSQL(dot)org (PostgreSQL-development) |
| Subject: | Re: [HACKERS] Query cancel and OOB data (fwd) |
| Date: | 1998-05-26 23:14:51 |
| Message-ID: | 11838.896224491@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us> writes:
>> However, if they are already snooping, how much harder
>> is it for them to insert their own query into the tcp stream?
> Can someone answer this for me?
Well, that depends entirely on what your threat model is --- for
example, someone with read access on /dev/kmem on a relay machine
might be able to watch packets going by, yet not be able to inject
more. On the other hand, someone with root privileges on another
machine on your local LAN could likely do both.
My guess is that most of the plausible cases that allow one also
allow the other. But it's only a guess.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 1998-05-26 23:24:20 | Re: [HACKERS] Time to fix libpgtcl for async NOTIFY |
| Previous Message | Massimo Dal Zotto | 1998-05-26 21:36:20 | Re: [HACKERS] Time to fix libpgtcl for async NOTIFY |