Re: MySQL worm attacks Windows servers

From: Chris Travers <chris(at)travelamericas(dot)com>
To: Josh Berkus <josh(at)agliodbs(dot)com>, PostgreSQL advocacy <pgsql-advocacy(at)postgresql(dot)org>, pgsql-general <pgsql-general(at)postgresql(dot)org>
Subject: Re: MySQL worm attacks Windows servers
Date: 2005-01-29 08:34:07
Message-ID: 41FB4A7F.1000208@travelamericas.com
Lists: pgsql-advocacy pgsql-general pgsql-www

Cross-posting to general due to more general nature of response

Josh Berkus wrote:

>Chris,
>
>>http://www.theregister.co.uk/2005/01/28/mysql_worm/
>
>Yep. And each time someone asks you "But why can't I install PostgreSQL as
>Administrator" you can point them to that worm ....
>
Now, if PostgreSQL is installed with TRUST authentication for remote
ports, can't one try to create an untrusted language and function that
will cause the system to scan for other such servers and connect,
thereby spreading a worm? Of course most of the PostgreSQL instances I
have seen are behind firewalls, but I don't think we are that invulnerable.

Maybe we should set the default authentication to only use TRUST on
local sockets only. At least as of 7.4, the default was to trust
network ports.

Best Wishes,
Chris Travers
Metatron Technology Consulting
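
An added example, not part of the original message or of PostgreSQL itself: a small audit of a `pg_hba.conf` that reports every TCP record granting `trust` to anything other than loopback, which is the setting the message proposes to avoid by default. The function names and the sample file are constructed for illustration.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def _network(address, next_field):
    """Return (network or None, True if next_field was consumed as a netmask)."""
    try:
        if "/" in address:  # CIDR form: 10.0.0.0/8, ::1/128
            return ipaddress.ip_network(address, strict=False), False
        ipaddress.ip_address(address)  # raises for keywords and hostnames
        # Separate-netmask form: turn the mask into a prefix length (v4 or v6).
        prefix = bin(int(ipaddress.ip_address(next_field))).count("1")
        return ipaddress.ip_network(f"{address}/{prefix}", strict=False), True
    except ValueError:
        return None, False

def remote_trust_entries(hba_text):
    """List (line_no, record) for TCP records that use trust beyond loopback."""
    findings = []
    for line_no, raw in enumerate(hba_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # simplification: no quoted '#'
        if len(fields) < 5 or fields[0] not in HOST_TYPES:
            continue  # blank, comment, malformed, or 'local' (Unix socket)
        net, used_mask = _network(fields[3], fields[4])
        method_index = 5 if used_mask else 4
        if len(fields) <= method_index:
            continue
        method = fields[method_index].lower()
        # Unparseable addresses (all, samenet, hostnames) count as non-loopback.
        if method == "trust" and not (net is not None and net.is_loopback):
            findings.append((line_no, " ".join(fields)))
    return findings

# Constructed sample, not a file shipped with any PostgreSQL release.
SAMPLE = """\
local   all  all                               trust
host    all  all  127.0.0.1  255.255.255.255   trust
host    all  all  ::1/128                      trust
host    all  all  0.0.0.0/0                    trust
host    all  all  192.168.0.0  255.255.0.0     md5
hostssl all  all  10.0.0.0  255.0.0.0          trust
"""

if __name__ == "__main__":
    for line_no, record in remote_trust_entries(SAMPLE):
        print(f"line {line_no}: trust over the network -> {record}")
```

Records on the Unix socket (`local`) and on loopback addresses are left alone, so only the network-reachable `trust` lines are reported.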
