Home > mailing lists

Re: [HACKERS] Query cancel and OOB data (fwd) - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: [HACKERS] Query cancel and OOB data (fwd)
Date	May 26, 1998 22:15:15
Msg-id	11838.896224491@sss.pgh.pa.us Whole thread Raw
In response to	Re: [HACKERS] Query cancel and OOB data (fwd) (Bruce Momjian <maillist@candle.pha.pa.us>)
Responses	Re: [HACKERS] Query cancel and OOB data (fwd) Re: [HACKERS] Query cancel and OOB data (fwd)
List	pgsql-hackers

Tree view

Bruce Momjian <maillist@candle.pha.pa.us> writes:
>> However, if they are already snooping, how much harder
>> is it for them to insert their own query into the tcp stream?

> Can someone answer this for me?

Well, that depends entirely on what your threat model is --- for
example, someone with read access on /dev/kmem on a relay machine
might be able to watch packets going by, yet not be able to inject
more.  On the other hand, someone with root privileges on another
machine on your local LAN could likely do both.

My guess is that most of the plausible cases that allow one also
allow the other.  But it's only a guess.

            regards, tom lane

pgsql-hackers by date:

From: Massimo Dal Zotto
Date: 26 May 1998, 21:04:03
Subject: Re: [HACKERS] Time to fix libpgtcl for async NOTIFY

From: Tom Lane
Date: 26 May 1998, 22:24:34
Subject: Re: [HACKERS] Time to fix libpgtcl for async NOTIFY

Re: [HACKERS] Query cancel and OOB data (fwd) - Mailing list pgsql-hackers

Previous

Next