Re: [PATCH] Fix leaky VIEWs for RLS

From Heikki Linnakangas
Subject Re: [PATCH] Fix leaky VIEWs for RLS
Msg-id 4C0C965B.2040902@enterprisedb.com
In reply to Re: [PATCH] Fix leaky VIEWs for RLS  (Stephen Frost <sfrost@snowman.net>)
Responses Re: [PATCH] Fix leaky VIEWs for RLS  (KaiGai Kohei <kaigai@ak.jp.nec.com>)
List pgsql-hackers
On 07/06/10 06:06, Stephen Frost wrote:
> Also, perhaps I'm not being paranoid enough, but all this concern over
> error cases really doesn't really worry me that much.  The amount of
> data one could acquire that way is pretty limited.

It's not limited. It allows you to read all contents of the underlying 
table or tables. I don't see much point doing anything at all if we 
don't plug that.

There are many side channels, like exposing row counts in EXPLAIN and
statistics and timing attacks, that are not as critical, because they
don't expose all data, and the attacker can't accurately choose what
data is exposed. Those are not as important.


--   Heikki Linnakangas  EnterpriseDB   http://www.enterprisedb.com

