-*- Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> [ 2002-08-26 15:19 ]:
> TCP/IP access must be enabled as well. TCP/IP accessibility is OFF by
> I for one thought that it was normal operating procedure to only allow access
> to trusted machines; maybe I'm odd in that regard.
> Hey, if I can connect to postmaster I can DoS it quite easily, but flooding it
> with connection requests.....
> But, if we can thwart this, all the better.
Well, ISP's that offer webhosting and database connectivity might also be running a PostgreSQL server that only allows connections from that specific webserver (TCP port 5432 access not blocked as well as an pg_hba.conf entry). Now, if a user with access to the webserver has privileges to open a socket connection, he could exploit this.
In response to
pgsql-hackers by date
|Next:||From: Stephan Szabo||Date: 2002-08-26 15:29:09|
|Subject: Re: Deadlock situation using foreign keys (reproduceable)|
|Previous:||From: Sir Mordred The Traitor||Date: 2002-08-26 15:25:18|
|Subject: Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL|