Thread

  1. Re: [HACKERS] Re: New pg_pwd patch and stuff

    Micha3 Mosiewicz <mimo@lodz.pdi.net> — 1998-01-16T02:35:38Z

    todd brandys wrote:
    > 
    > >         Fork off the postgres process first, then authenticate inside of
    > > there...which would get rid of the problem with pg_user itself being a
    > > text file vs a relation...no?
    > 
    > Yes, yes, yes.  This is how authentication should be done (for HBA, etc.)
    
    No, no, no! For security reasons, you can't fork (and exec)
    unauthenticated processes. Especially HBA authentication should be done
    to consume as low resources as possbile. Otherwise you open a giant door
    for so infamously called Denial of Service attacks. Afterwards, every
    hacker will know that to bring your system running postgres to it's
    knees he just have to try to connect to 5432 port very frequently. "OK",
    you might say, "I have this firewall". "OK", I say, "so what's that HBA
    for?".
    
    So it's the postmaster's role to deny as much connections as possible.
    Unless we speak of non-execing postgres childs?
    
    Mike
    
    -- 
    WWW: http://www.lodz.pdi.net/~mimo  tel: Int. Acc. Code + 48 42 148340
    add: Michal Mosiewicz  *  Bugaj 66 m.54 *  95-200 Pabianice  *  POLAND