Christopher Browne <cbbrowne@acm.org> writes:
>> A recent article about an Oracle worm:
>> http://www.eweek.com/article2/0,1895,1880648,00.asp
>> got me wondering.
> PostgreSQL doesn't allow network access, by default, which more than
> makes up for that.
You would have to both alter postgresql.conf (to make the postmaster
listen for anything except local connections) and alter pg_hba.conf
to let people in. Of course, if you were fool enough to set pg_hba.conf
to allow "trust" connections from the whole net, you'd have a door open
even wider than Oracle's. But I hope that's not common.
A worm can't be successful unless there's a fairly large population of
vulnerable machines. I am sure that there are *some* PG installations
out there that are wide open, but I doubt there are enough to make a
worm viable.
regards, tom lane
