Re: [GENERAL] PostgreSQL 7.2.2: Security Release
Bruce Momjian <pgman@candle.pha.pa.us>
From: Bruce Momjian <pgman@candle.pha.pa.us>
To: Neil Conway <neilc@samurai.com>
Cc: "Marc G. Fournier" <scrappy@hub.org>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2002-08-24T11:23:48Z
Lists: pgsql-hackers, pgsql-general
Neil Conway wrote: > Bruce Momjian <pgman@candle.pha.pa.us> writes: > > The issue is data-provoked crashes vs. query-invoked crashes. Marc's > > point, and I think it was clear enough, is that you can't just poke at > > the TCP port and hope to do anything bad, which was the thrust of the > > argument, I think. > > The point I objected to is the suggestion that only those running > "shared" or "open" systems are vulnerable to the security > problem. That is simply incorrect. Yes, I remember now. It is a bad data vunerability vs. a bad query vulnerability. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073