Re: [SECURITY] DoS attack on backend possible (was: Re:
Florian Weimer <weimer@cert.uni-stuttgart.de>
From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
To: Justin Clift <justin@postgresql.org>
Cc: pgsql-hackers@postgresql.org
Date: 2002-08-11T15:00:40Z
Lists: pgsql-hackers
Justin Clift <justin@postgresql.org> writes:

> Is it possible to crash a 7.2.1 backend without having an entry in the
> pg_hba.conf file?

No, but think of web applications and things like that. The web
frontend might pass in a date string which crashes the server backend.
Since the crash can be triggered by mere data, an attacker does not
have to be able to send specific SQL statements to the server.

--
Florian Weimer                    Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898