Robert Haas <robertmhaas@gmail.com> writes:
> One last thought: I don't think it's right to suppose that every
> security vulnerability is the result of some design flaw and every
> security vulnerability must be patched.
As far as Postgres is concerned, I'm kind of unimpressed by timing-based
attacks. There are enough layers between a hypothetical attacker and a
particular algorithm in the backend that it'd be really hard to get any
reliable numbers. Length-based attacks are more realistic, since e.g.
we allow you to find out the compressed size of a data value. But as
you noted, those can be defeated by not storing sensitive data in the
same place as attacker-controlled data. Or turning off compression,
but that's largely throwing the baby out with the bathwater. In the
end I think it's up to the DBA how concerned to be about this and
what measures she should take to mitigate any risks.
regards, tom lane
