| From: | Gavin Sherry <swm(at)linuxworld(dot)com(dot)au> |
|---|---|
| To: | Justin Clift <justin(at)postgresql(dot)org> |
| Cc: | PostgreSQL Hackers Mailing List <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Interesting message about printf()'s in PostgreSQL |
| Date: | 2002-08-12 04:10:05 |
| Message-ID: | Pine.LNX.4.21.0208121405280.7309-100000@linuxworld.com.au |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, 12 Aug 2002, Justin Clift wrote:
> Hi everyone,
>
> Whilst looking around for some more PostgreSQL related stuff, this
> message turned up:
>
> http://mail.wirex.com/pipermail/sardonix/2002-February/000051.html
>
> The interesting bit is in an email messages included about halfway
> down. It speaks of Bad Things in the PostgreSQL source code and of
> PostgreSQL needing an audit.
Christoper's point about University access to postgres and possible
security/DoS problems is a good one. A thorough security audit of
PostgreSQL would be a very good idea. Naturally, the biggest problems are
that it is very time consuming to do an audit, just about all parts of the
code need to be reviewed and it yields few exciting results.
Perhaps Red Hat or another commercial entity would be interested in
helping out given that the commercial space is beginning to be dominated
by security rhetoric?
Gavin
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christopher Kings-Lynne | 2002-08-12 04:16:55 | Re: Interesting message about printf()'s in PostgreSQL |
| Previous Message | Tom Lane | 2002-08-12 04:05:36 | Re: Interesting message about printf()'s in PostgreSQL |