Cross-posting to general due to more general nature of response
Josh Berkus wrote:
>Chris,
>
>>http://www.theregister.co.uk/2005/01/28/mysql_worm/
>
>Yep. And each time someone asks you "But why can't I install PostgreSQL as
>Administrator" you can point them to that worm ....
Now, if PostgreSQL is installed with TRUST authentication for remote
ports, can't one try to create an untrusted language and function that
will cause the system to scan for other such servers and connect,
thereby spreading a worm? Of course most of the PostgreSQL instances I
have seen are behind firewalls, but I don't think we are that invulnerable.
Maybe we should set the default authentication to use TRUST on
local sockets only. At least as of 7.4, the default was to trust
network ports.
Best Wishes,
Chris Travers
Metatron Technology Consulting
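
An added example, not part of the original message or of PostgreSQL itself: one way to check a server's pg_hba.conf for the condition discussed above, trust authentication on TCP/IP records rather than only on local sockets. The function names and the sample file are hypothetical, and the parser assumes whitespace-separated fields with no quoted names.

```python
import ipaddress

NETWORK_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def _is_loopback(address, mask=None):
    # True only if the whole range is loopback. Hostnames, keywords (all,
    # samenet, ...) and IPv6 dotted masks fail to parse and count as remote.
    try:
        net = ipaddress.ip_network(f"{address}/{mask}" if mask else address, strict=False)
    except ValueError:
        return False
    return net.is_loopback

def audit_pg_hba(text):
    """Return (line number, scope, record) for each TCP/IP record using trust."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # simplification: no quoted '#'
        if len(fields) < 5 or fields[0] not in NETWORK_TYPES:
            continue  # blank, comment, or 'local' (Unix socket) record
        # Old-style records give the IP address and netmask as two fields.
        if len(fields) > 5 and _is_ip(fields[4]):
            mask, method = fields[4], fields[5]
        else:
            mask, method = None, fields[4]
        if method.lower() == "trust":
            scope = "loopback" if _is_loopback(fields[3], mask) else "remote"
            findings.append((lineno, scope, " ".join(fields)))
    return findings

# Constructed sample file, not taken from any real server.
SAMPLE = """\
local   all    all                              trust
host    all    all  127.0.0.1  255.255.255.255  trust
host    all    all  ::1/128                     trust
host    all    all  192.168.0.0/24              md5
host    all    all  0.0.0.0/0                   trust
hostssl sales  all  10.0.0.0   255.0.0.0        trust
"""

if __name__ == "__main__":
    for finding in audit_pg_hba(SAMPLE):
        print(finding)
```

Records reported with scope "remote" accept unauthenticated connections from other hosts; "loopback" records still let any local account connect as any database user over TCP.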