Re: [SECURITY] DoS attack on backend possible (was: Re:
Christopher Kings-Lynne <chriskl@familyhealth.com.au>
From: "Christopher Kings-Lynne" <chriskl@familyhealth.com.au>
To: "Tom Lane" <tgl@sss.pgh.pa.us>, "Justin Clift" <justin@postgresql.org>
Cc: "Florian Weimer" <Weimer@CERT.Uni-Stuttgart.DE>, <pgsql-hackers@postgresql.org>
Date: 2002-08-12T02:25:18Z
Lists: pgsql-hackers
> Justin Clift <justin@postgresql.org> writes: > > Am I understanding this right: > > - A PostgreSQL 7.2.1 server can be crashed if it gets passed certain > > date values which would be accepted by standard "front end" parsing? > > AFAIK it's a buffer overrun issue, so anything that looks like a > reasonable date would *not* cause the problem. Still, I believe this should require a 7.2.2 release. Imagine a university database server for a course for example - the students would just crash it all the time. Chris