From: | Justin Clift <justin(at)postgresql(dot)org> |
---|---|
To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
Cc: | PostgreSQL General Mailing List <pgsql-general(at)postgresql(dot)org>, PostgreSQL Hackers Mailing List <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: PostgreSQL buffer exploits |
Date: | 2001-08-16 16:33:46 |
Message-ID: | 3B7BF5EA.805F0306@postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general pgsql-hackers |
Thanks Bruce,
The lack of tests is more worrying than the lack of reported failures I
reckon. :-( I'll check through the BugTRAQ archives later on.
On a good note however, the Open Source Database Benchmarking project
(osdb.sourceforge.net) has finally gotten around to getting it's code
working with PostgreSQL 7.1.x and I'm setting up a place on the techdocs
site to store any results which people want to report after running it.
It'll be good to start creating a publicly available database of what
hardware and settings gives what levels of performance with PostgreSQL.
I'll do an [ANNOUNCE] when it's all up and ready.
:-)
Regards and best wishes,
Justin Clift
Bruce Momjian wrote:
>
> > Hi all,
> >
> > Just wondering if anyone knows of or has tested for PostgreSQL buffer
> > exploits over the various interfaces (JDBC, ODBC, psql, etc) or directly
> > through socket connections?
> >
> > Working on a sensitive application at the moment, and I've realised I've
> > never seen anyone mention testing PostgreSQL in this regard yet.
>
> I never heard of any tests, nor any security failures either.
>
> --
> Bruce Momjian | http://candle.pha.pa.us
> pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
> + If your life is a hard drive, | 830 Blythe Avenue
> + Christ can be your backup. | Drexel Hill, Pennsylvania 19026
--
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2001-08-16 16:45:28 | Re: why sequential scan |
Previous Message | Joe Conway | 2001-08-16 16:25:55 | Re: Storing images in PG? |
From | Date | Subject | |
---|---|---|---|
Next Message | Bruce Momjian | 2001-08-16 16:39:41 | Re: Patches (current CVS) for changes if index AM tables |
Previous Message | Barry Lind | 2001-08-16 16:18:50 | Re: Question about todo item |