Re: [SECURITY] DoS attack on backend possible (was: Re:
Justin Clift <justin@postgresql.org>
From: Justin Clift <justin@postgresql.org>
To: Christopher Kings-Lynne <chriskl@familyhealth.com.au>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>, pgsql-hackers@postgresql.org
Date: 2002-08-12T02:31:56Z
Lists: pgsql-hackers

Hi Chris,

Christopher Kings-Lynne wrote:
> <snip>
> Still, I believe this should require a 7.2.2 release. Imagine a university
> database server for a course for example - the students would just crash it
> all the time.

Hey yep, good point.

Is this the only way that we know of non postgresql-superusers to be able to take out the server other than by extremely non-optimal, resource wasting queries?

If we release a 7.2.2 because of this, can we be pretty sure we have a "no known vulnerabilities" release, or are there other small holes which should be fixed too?

:-)

Regards and best wishes,

Justin Clift

> Chris

--
"My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there."
- Indira Gandhi