Home > mailing lists

Re: [SECURITY] DoS attack on backend possible (was: Re: - Mailing list pgsql-hackers

From	Florian Weimer
Subject	Re: [SECURITY] DoS attack on backend possible (was: Re:
Date	August 11, 2002 14:00:38
Msg-id	87fzxl5tk7.fsf@CERT.Uni-Stuttgart.DE Whole thread Raw
In response to	Re: [SECURITY] DoS attack on backend possible (was: Re: (Justin Clift <justin@postgresql.org>)
List	pgsql-hackers

Tree view

Justin Clift <justin@postgresql.org> writes:

> Is it possible to crash a 7.2.1 backend without having an entry in the
> pg_hba.conf file?

No, but think of web applications and things like that.  The web
frontend might pass in a date string which crashes the server backend.
Since the crash can be triggered by mere data, an attacker does not
have to be able to send specific SQL statements to the server.

-- 
Florian Weimer                       Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898

pgsql-hackers by date:

From: Greg Copeland
Date: 11 August 2002, 13:36:58
Subject: Re: python patch

From: Tom Lane
Date: 11 August 2002, 14:12:58
Subject: Re: Open 7.3 items

Re: [SECURITY] DoS attack on backend possible (was: Re: - Mailing list pgsql-hackers

Previous

Next