Re: [HACKERS] Query cancel and OOB data - Mailing list pgsql-hackers

From Tom Ivar Helbekkmo
Subject Re: [HACKERS] Query cancel and OOB data
Date
Msg-id 8667iv5wwq.fsf@barsoom.Hamartun.Priv.NO
In response to Re: [HACKERS] Query cancel and OOB data  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: [HACKERS] Query cancel and OOB data  (Bruce Momjian <maillist@candle.pha.pa.us>)
List pgsql-hackers
Tom Lane <tgl@sss.pgh.pa.us> writes:

> on the other hand, a packet sniffer can also grab your password,
> make his own connection to the server, and wreak much more havoc
> than just issuing a cancel.  I don't see that this adds any
> vulnerability that wasn't there before.

Ahem.  Not true for those of us who use Kerberos authentication.
We never send our passwords over the network, instead using them
as (part of) a key that's used to encrypt other data.

-tih
--
Popularity is the hallmark of mediocrity.  --Niles Crane, "Frasier"
