Re: [GENERAL] PostgreSQL 7.2.2: Security Release

Neil Conway <neilc@samurai.com>

From: Neil Conway <neilc@samurai.com>
To: Bruce Momjian <pgman@candle.pha.pa.us>
Cc: Neil Conway <neilc@samurai.com>, "Marc G. Fournier" <scrappy@hub.org>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2002-08-24T04:47:16Z
Lists: pgsql-hackers, pgsql-general
Bruce Momjian <pgman@candle.pha.pa.us> writes:
> The issue is data-provoked crashes vs. query-invoked crashes.  Marc's
> point, and I think it was clear enough, is that you can't just poke at
> the TCP port and hope to do anything bad, which was the thrust of the
> argument, I think.

The point I objected to is the suggestion that only those running
"shared" or "open" systems are vulnerable to the security
problem. That is simply incorrect.

Cheers,

Neil

-- 
Neil Conway <neilc@samurai.com> || PGP Key ID: DB3C29FC