| From: | Florian Weimer <Weimer(at)CERT(dot)Uni-Stuttgart(dot)DE> |
|---|---|
| To: | Justin Clift <justin(at)postgresql(dot)org> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [SECURITY] DoS attack on backend possible |
| Date: | 2002-08-19 17:14:18 |
| Message-ID: | 87znvi7out.fsf@CERT.Uni-Stuttgart.DE |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
Justin Clift <justin(at)postgresql(dot)org> writes:
> You guys *definitely* write scarey code.
Yes, indeed. My code has a lot of unnecessary and error-prone input
validation checks because I don't trust the PostgreSQL parser.
That's scary. You don't trust your database that it processes a
simple text string, yet you still believe that it keeps all the data
you store, although this involves much more complex data structures
and algorithms.
What a strange asymmetry!
--
Florian Weimer Weimer(at)CERT(dot)Uni-Stuttgart(dot)DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Rod Taylor | 2002-08-19 17:17:54 | Re: [SECURITY] DoS attack on backend possible |
| Previous Message | Justin Clift | 2002-08-19 17:07:30 | Re: [SECURITY] DoS attack on backend possible |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Rod Taylor | 2002-08-19 17:17:54 | Re: [SECURITY] DoS attack on backend possible |
| Previous Message | Justin Clift | 2002-08-19 17:07:30 | Re: [SECURITY] DoS attack on backend possible |