| From: | Justin Clift <justin(at)postgresql(dot)org> |
|---|---|
| To: | Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Florian Weimer <Weimer(at)CERT(dot)Uni-Stuttgart(dot)DE>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [SECURITY] DoS attack on backend possible (was: Re: |
| Date: | 2002-08-12 02:31:56 |
| Message-ID: | 3D571E1C.C584F9D1@postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
Hi Chris,
Christopher Kings-Lynne wrote:
>
<snip>
> Still, I believe this should require a 7.2.2 release. Imagine a university
> database server for a course for example - the students would just crash it
> all the time.
Hey yep, good point.
Is this the only way that we know of non postgresql-superusers to be
able to take out the server other than by extremely non-optimal,
resource wasting queries?
If we release a 7.2.2 because of this, can we be pretty sure we have a
"no known vulnerabilities" release, or are there other small holes which
should be fixed too?
:-)
Regards and best wishes,
Justin Clift
> Chris
--
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christopher Kings-Lynne | 2002-08-12 02:37:42 | Re: [SECURITY] DoS attack on backend possible (was: Re: |
| Previous Message | Christopher Kings-Lynne | 2002-08-12 02:25:18 | Re: [SECURITY] DoS attack on backend possible (was: Re: |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christopher Kings-Lynne | 2002-08-12 02:37:42 | Re: [SECURITY] DoS attack on backend possible (was: Re: |
| Previous Message | Christopher Kings-Lynne | 2002-08-12 02:25:18 | Re: [SECURITY] DoS attack on backend possible (was: Re: |