On Tuesday 12 March 2002 03:22 pm, Trond Eivind Glomsrød wrote:
> On 12 Mar 2002, Greg Copeland wrote:
> > While it may be worth noting, I seriously doubt this is a security issue
> > for PostgresSQL.
> It's an easy DOS for things like mozilla, netscape. For postgres, using
> it internally? Nah.
Thus the subject line ending with the words 'heads-up' -- not a serious
issue, but something to just take note of.
Now, had it been that TOAST used it, it might have been possible, however
remote it may seem, to craft something like a form item entry on a web page
backended by PostgreSQL that could end up being processed by that code.
Stranger things _have_ happened. And the non-script-kiddie malicious
crackers out there are that devious. You really can't be too careful.
And maybe all of the people on HACKERS haven't seen the CERT advisory as yet;
a heads-up is just that.
--
Lamar Owen
WGCR Internet Radio
1 Peter 4:11