Re: [HACKERS] Query cancel and OOB data
Tom Ivar Helbekkmo <tih+mail@hamartun.priv.no>
From: Tom Ivar Helbekkmo <tih+mail@Hamartun.Priv.NO>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Bruce Momjian <maillist@candle.pha.pa.us>, byronn@insightdist.com, hackers@postgreSQL.org
Date: 1998-05-24T18:47:01Z
Lists: pgsql-hackers
Tom Lane <tgl@sss.pgh.pa.us> writes: > on the other hand, a packet sniffer can also grab your password, > make his own connection to the server, and wreak much more havoc > than just issuing a cancel. I don't see that this adds any > vulnerability that wasn't there before. Ahem. Not true for those of us who use Kerberos authentication. We never send our passwords over the network, instead using them as (part of) a key that's used to encrypt other data. -tih -- Popularity is the hallmark of mediocrity. --Niles Crane, "Frasier"