| From: | Christopher Browne <cbbrowne(at)acm(dot)org> |
|---|---|
| To: | pgsql-advocacy(at)postgresql(dot)org |
| Subject: | Re: Compliment from the Database Hacker's Handbook |
| Date: | 2005-08-17 13:12:37 |
| Message-ID: | m3acjgk8qi.fsf@mobile.int.cbbrowne.com |
| Lists: | pgsql-advocacy |
> To quote:
>
> "By default, PostgreSQL is probably the most security-aware database
> available ..."
> Database Hacker's Handbook
> Litchfield et al.
> Wiley
> http://www.wiley.com/WileyCDA/WileyAncillary/productCd-0764578014.html
>
> I'm gonna see if we can use the quote for our front page ...

Based on the sample chapter, the book looks pretty nifty, too.

I love their two suggestions near the end of that chapter:

1. Don't believe the documentation

   In theory, the "non-marketing dependence" of PostgreSQL ought to
   mean that the documentation is capable of being more honest, but
   even so, it's an interesting approach ;-).

2. That security analysts implement their own client

   The issue, which, to some degree, we see with psql, is that the
   default clients somewhat "sanitize" requests. Sanity tends to be
   a good thing, better than insanity :-), but it's hard to hit some
   of the race conditions without the lack of sanitation...

   I probably ought to do this some time; it would be a useful
   learning experience...

--
(reverse (concatenate 'string "moc.liamg" "@" "enworbbc"))
http://cbbrowne.com/info/
If we were meant to fly, we wouldn't keep losing our luggage.