Re: [GENERAL] PostgreSQL buffer exploits
| От | Justin Clift |
|---|---|
| Тема | Re: [GENERAL] PostgreSQL buffer exploits |
| Дата | |
| Msg-id | 3B7BF5EA.805F0306@postgresql.org обсуждение исходный текст |
| Ответ на | Re: [GENERAL] PostgreSQL buffer exploits (Bruce Momjian <pgman@candle.pha.pa.us>) |
| Список | pgsql-hackers |
Thanks Bruce, The lack of tests is more worrying than the lack of reported failures I reckon. :-( I'll check through the BugTRAQ archives later on. On a good note however, the Open Source Database Benchmarking project (osdb.sourceforge.net) has finally gotten around to getting it's code working with PostgreSQL 7.1.x and I'm setting up a place on the techdocs site to store any results which people want to report after running it. It'll be good to start creating a publicly available database of what hardware and settings gives what levels of performance with PostgreSQL. I'll do an [ANNOUNCE] when it's all up and ready. :-) Regards and best wishes, Justin Clift Bruce Momjian wrote: > > > Hi all, > > > > Just wondering if anyone knows of or has tested for PostgreSQL buffer > > exploits over the various interfaces (JDBC, ODBC, psql, etc) or directly > > through socket connections? > > > > Working on a sensitive application at the moment, and I've realised I've > > never seen anyone mention testing PostgreSQL in this regard yet. > > I never heard of any tests, nor any security failures either. > > -- > Bruce Momjian | http://candle.pha.pa.us > pgman@candle.pha.pa.us | (610) 853-3000 > + If your life is a hard drive, | 830 Blythe Avenue > + Christ can be your backup. | Drexel Hill, Pennsylvania 19026 -- "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi
В списке pgsql-hackers по дате отправления: