| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Þórhallur Hálfdánarson <tolli(at)tol(dot)li> |
| Cc: | Sir Mordred The Traitor <mordred(at)s-mail(dot)com>, lamar(dot)owen(at)wgcr(dot)org, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL |
| Date: | 2002-08-30 04:42:00 |
| Message-ID: | 26651.1030682520@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
=?iso-8859-1?Q?=DE=F3rhallur_H=E1lfd=E1narson?= <tolli(at)tol(dot)li> writes:
> And another (perhaps silly) thought: Currently, if the authentication
> process is exploited, it would kill the postmaster, resulting in a
> total crash of the whole database system. Would it be beneficial to
> split the connection handling/authorization process to a seperate
> process, and if that process dies, the postmaster would simply start a
> new one, there for not affecting any other backends that are running
> (for authorized users) ? Or am I way of track? :)
No, just behind the times ;-). We did that in 7.2.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2002-08-30 04:44:09 | Re: Reporting query duration |
| Previous Message | Joe Conway | 2002-08-30 04:29:49 | Re: SRF memory mgmt patch (was [HACKERS] Concern about |