-*- Lamar Owen <lamar.owen@wgcr.org> [ 2002-08-26 15:19 ]:
> TCP/IP access must be enabled as well. TCP/IP accessibility is OFF by
> default.
>
> I for one thought that it was normal operating procedure to only allow access
> to trusted machines; maybe I'm odd in that regard.
>
> Hey, if I can connect to postmaster I can DoS it quite easily, but flooding it
> with connection requests.....
>
> But, if we can thwart this, all the better.
Well, ISPs that offer webhosting and database connectivity might also be running a PostgreSQL server that only allows
connections from that specific webserver (TCP port 5432 access not blocked as well as a pg_hba.conf entry). Now, if a
user with access to the webserver has privileges to open a socket connection, he could exploit this.
--
Regards,
Tolli
tolli@tol.li