Re: [SECURITY] DoS attack on backend possible

ngpg@grymmjack.com

From: ngpg@grymmjack.com
To: pgsql-hackers@postgresql.org
Date: 2002-08-21T21:28:52Z
Lists: pgsql-hackers
Weimer@CERT.Uni-Stuttgart.DE (Florian Weimer) wrote 

> ngpg@grymmjack.com writes:
> 
>> if you are going to be passing any user input to the database, you 
>> must/should validate in some manner before blindly passing it to the db.
>> The db can and should guarantee data integrity, but the database cannot 
>> read your mind when it comes to how you structure your queries.
> 
> [example of SQL injection attack deleted]
> 
> This is not the problem at hand.  SQL injection attacks can be avoided
> easily.  Bugs in the conversion of strings to internal PostgreSQL
> objects are a different matter, though, and usually, devastating
> effects cannot be avoided by (reasonably complex) checks in the
> frontend.
> 

yeah i wasnt aware that adding a if(strlen($input) > SOME_REASONABLE_MAX) 
was complex.  the sql injection attack was just an(other) example of why 
you do not simply forward user input to the backend.  all i was trying to 
point out is that most of these buffer overflows in the backend can be 
avoided just as easily as the sql injection attack.