Re: [GENERAL] PostgreSQL 7.2.2: Security Release

From Tom Lane
Subject Re: [GENERAL] PostgreSQL 7.2.2: Security Release
Date
Msg-id 25492.1030163864@sss.pgh.pa.us
In reply to Re: [GENERAL] PostgreSQL 7.2.2: Security Release  ("Marc G. Fournier" <scrappy@hub.org>)
Responses Re: [GENERAL] PostgreSQL 7.2.2: Security Release
List pgsql-hackers
"Marc G. Fournier" <scrappy@hub.org> writes:
> Right, but you have to get a connection to the backend in order to crash
> it ... no?

The point was that it might be possible to exploit this with only
indirect access to the database, such as entering "date" information
into a webform that would hand off the value to the database with
little or no checking.  Most of the risks we've been discussing require
the ability to issue chosen SQL commands, but this one only requires
the ability to determine a data value that's used in a SQL command.
Big difference.
        regards, tom lane
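
Added example, not part of the original message or of PostgreSQL's code: an application-tier check for the web-form case described above, where a client-chosen "date" value would otherwise reach the database with little or no checking. A bound parameter keeps the value out of the SQL text, but the backend still has to parse it as a date, so the sketch bounds and re-serializes the value first. It assumes the field carries an ISO `YYYY-MM-DD` date; the function names and the `events` / `happened_on` table and column are hypothetical.

```python
import re
from datetime import date

# Assumption: the form field is expected to carry an ISO calendar date.
MAX_LEN = 10                                   # len("YYYY-MM-DD")
ISO_DATE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")


class RejectedInput(ValueError):
    """Raised when a form value must not be passed on to the database."""


def parse_form_date(raw):
    """Return a datetime.date for a strictly formatted value, else raise."""
    if not isinstance(raw, str):
        raise RejectedInput("not a string")
    if len(raw) > MAX_LEN:                     # bound the size before any parsing
        raise RejectedInput("too long")
    if not ISO_DATE.fullmatch(raw):            # ASCII digits and hyphens only
        raise RejectedInput("not YYYY-MM-DD")
    year, month, day = (int(p) for p in raw.split("-"))
    try:
        return date(year, month, day)          # rejects e.g. 2002-02-30
    except ValueError as exc:
        raise RejectedInput("not a calendar date") from exc


def build_query(raw):
    """Hypothetical hand-off: SQL text plus the re-serialized parameter."""
    value = parse_form_date(raw)
    # The database only ever receives the canonical form produced here,
    # never the bytes the client typed. Table and column are hypothetical.
    return ("SELECT id FROM events WHERE happened_on = %s", (value.isoformat(),))


def triage(samples):
    """Map each sample to 'accepted:<value>' or 'rejected:<reason>'."""
    out = {}
    for s in samples:
        try:
            out[s] = "accepted:" + build_query(s)[1][0]
        except RejectedInput as exc:
            out[s] = "rejected:" + str(exc)
    return out


# Constructed sample inputs for the demonstration.
SAMPLES = ["2002-08-23", "2002-02-30", "23/08/2002", "2002-08-23" + "0" * 200]
```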

