Re: [SECURITY] DoS attack on backend possible (was: Re:

Поиск
Список
Период
Сортировка
От Florian Weimer
Тема Re: [SECURITY] DoS attack on backend possible (was: Re:
Дата
Msg-id 87fzxl5tk7.fsf@CERT.Uni-Stuttgart.DE
обсуждение исходный текст
Ответ на Re: [SECURITY] DoS attack on backend possible (was: Re:  (Justin Clift <justin@postgresql.org>)
Список pgsql-hackers
Дерево обсуждения 
Justin Clift <justin@postgresql.org> writes:

> Is it possible to crash a 7.2.1 backend without having an entry in the
> pg_hba.conf file?

No, but think of web applications and things like that.  The web
frontend might pass in a date string which crashes the server backend.
Since the crash can be triggered by mere data, an attacker does not
have to be able to send specific SQL statements to the server.

-- 
Florian Weimer                       Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Greg Copeland
Дата:
Сообщение: Re: python patch
Следующее
От: Tom Lane
Дата:
Сообщение: Re: Open 7.3 items