From: | Florian Weimer <Weimer(at)CERT(dot)Uni-Stuttgart(dot)DE> |
---|---|
To: | Justin Clift <justin(at)postgresql(dot)org> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: [SECURITY] DoS attack on backend possible |
Date: | 2002-08-19 17:14:18 |
Message-ID: | 87znvi7out.fsf@CERT.Uni-Stuttgart.DE |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers pgsql-hackers |
Justin Clift <justin(at)postgresql(dot)org> writes:
> You guys *definitely* write scarey code.
Yes, indeed. My code has a lot of unnecessary and error-prone input
validation checks because I don't trust the PostgreSQL parser.
That's scary. You don't trust your database that it processes a
simple text string, yet you still believe that it keeps all the data
you store, although this involves much more complex data structures
and algorithms.
What a strange asymmetry!
--
Florian Weimer Weimer(at)CERT(dot)Uni-Stuttgart(dot)DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
From | Date | Subject | |
---|---|---|---|
Next Message | Rod Taylor | 2002-08-19 17:17:54 | Re: [SECURITY] DoS attack on backend possible |
Previous Message | Justin Clift | 2002-08-19 17:07:30 | Re: [SECURITY] DoS attack on backend possible |
From | Date | Subject | |
---|---|---|---|
Next Message | Rod Taylor | 2002-08-19 17:17:54 | Re: [SECURITY] DoS attack on backend possible |
Previous Message | Justin Clift | 2002-08-19 17:07:30 | Re: [SECURITY] DoS attack on backend possible |