Thread: PostgreSQL buffer exploits

PostgreSQL buffer exploits

From: Justin Clift
Date:

Hi all,

Just wondering if anyone knows of or has tested for PostgreSQL buffer
exploits over the various interfaces (JDBC, ODBC, psql, etc) or directly
through socket connections?

Working on a sensitive application at the moment, and I've realised I've
never seen anyone mention testing PostgreSQL in this regard yet.

Regards and best wishes,

Justin Clift

--
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
   - Indira Gandhi

Re: [GENERAL] PostgreSQL buffer exploits

From: Bruce Momjian
Date:

> Hi all,
>
> Just wondering if anyone knows of or has tested for PostgreSQL buffer
> exploits over the various interfaces (JDBC, ODBC, psql, etc) or directly
> through socket connections?
>
> Working on a sensitive application at the moment, and I've realised I've
> never seen anyone mention testing PostgreSQL in this regard yet.

I never heard of any tests, nor any security failures either.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

Re: [GENERAL] PostgreSQL buffer exploits

From: Justin Clift
Date:

Thanks Bruce,

The lack of tests is more worrying than the lack of reported failures I
reckon.  :-(  I'll check through the BugTRAQ archives later on.

On a good note however, the Open Source Database Benchmarking project
(osdb.sourceforge.net) has finally gotten around to getting its code
working with PostgreSQL 7.1.x and I'm setting up a place on the techdocs
site to store any results which people want to report after running it.

It'll be good to start creating a publicly available database of what
hardware and settings give what levels of performance with PostgreSQL.
I'll do an [ANNOUNCE] when it's all up and ready.

:-)

Regards and best wishes,

Justin Clift


Bruce Momjian wrote:
>
> > Hi all,
> >
> > Just wondering if anyone knows of or has tested for PostgreSQL buffer
> > exploits over the various interfaces (JDBC, ODBC, psql, etc) or directly
> > through socket connections?
> >
> > Working on a sensitive application at the moment, and I've realised I've
> > never seen anyone mention testing PostgreSQL in this regard yet.
>
> I never heard of any tests, nor any security failures either.
>
> --
>   Bruce Momjian                        |  http://candle.pha.pa.us
>   pgman@candle.pha.pa.us               |  (610) 853-3000
>   +  If your life is a hard drive,     |  830 Blythe Avenue
>   +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

--
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi