Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL

From: Lamar Owen <lamar(dot)owen(at)wgcr(dot)org>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Sir Mordred The Traitor <mordred(at)s-mail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL
Date: 2002-08-26 17:50:09
Message-ID: 200208261350.09058.lamar.owen@wgcr.org
Lists: pgsql-hackers

On Monday 26 August 2002 12:59 pm, Bruce Momjian wrote:
> Tom Lane wrote:
> > It may indeed make sense to put a range check here, but I'm getting
> > tired of hearing the words "dos attack" applied to conditions that
> > cannot be exploited to cause any real problem. All you are
> > accomplishing is to spread FUD among people who aren't sufficiently
> > familiar with the code to evaluate the seriousness of problems...

> It isn't fun to have our code nit-picked apart, and Sir-* is over-hyping
> the vulnerability, but it is a valid concern. The length should
> probably be clipped to a reasonable length and a comment put in the code
> describing why.

The pseudo-security-alert format used isn't terribly palatable here, IMHO. On
BugTraq it might fly -- but not here. A simple 'Hey guys, I found a possible
problem when.....' without the big-sounding fluff would sit better with me,
at least. The substance of the message is perhaps valuable -- but the
wrapper distracts from the substance.

And dealing with a real name would be nice, IMHO. Otherwise we may end up
with 'SMtT' as the nickname -- Hmmm, 'SMitTy' perhaps? :-) Reminds me of
'Uncle George' who did quite a bit for the Alpha port and then disappeared.
--
Lamar Owen
WGCR Internet Radio
1 Peter 4:11
