Re: [HACKERS] Query cancel and OOB data

Tom Ivar Helbekkmo <tih+mail@hamartun.priv.no>

From: Tom Ivar Helbekkmo <tih+mail@Hamartun.Priv.NO>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Bruce Momjian <maillist@candle.pha.pa.us>, byronn@insightdist.com, hackers@postgreSQL.org
Date: 1998-05-24T18:47:01Z
Lists: pgsql-hackers
Tom Lane <tgl@sss.pgh.pa.us> writes:

> on the other hand, a packet sniffer can also grab your password,
> make his own connection to the server, and wreak much more havoc
> than just issuing a cancel.  I don't see that this adds any
> vulnerability that wasn't there before.

Ahem.  Not true for those of us who use Kerberos authentication.
We never send our passwords over the network, instead using them
as (part of) a key that's used to encrypt other data.

-tih
-- 
Popularity is the hallmark of mediocrity.  --Niles Crane, "Frasier"