Re: [GENERAL] PostgreSQL 7.2.2: Security Release

Bruce Momjian <pgman@candle.pha.pa.us>

From: Bruce Momjian <pgman@candle.pha.pa.us>
To: Neil Conway <neilc@samurai.com>
Cc: "Marc G. Fournier" <scrappy@hub.org>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2002-08-24T11:23:48Z
Lists: pgsql-hackers, pgsql-general
Neil Conway wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > The issue is data-provoked crashes vs. query-invoked crashes.  Marc's
> > point, and I think it was clear enough, is that you can't just poke at
> > the TCP port and hope to do anything bad, which was the thrust of the
> > argument, I think.
> 
> The point I objected to is the suggestion that only those running
> "shared" or "open" systems are vulnerable to the security
> problem. That is simply incorrect.

Yes, I remember now.  It is a bad data vunerability vs. a bad query
vulnerability.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073