PostgreSQL buffer exploits

Started by Justin Clift over 24 years ago, 3 messages
#1Justin Clift
justin@postgresql.org

Hi all,

Just wondering if anyone knows of or has tested for PostgreSQL buffer
exploits over the various interfaces (JDBC, ODBC, psql, etc) or directly
through socket connections?

Working on a sensitive application at the moment, and I've realised I've
never seen anyone mention testing PostgreSQL in this regard yet.

Regards and best wishes,

Justin Clift

--
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi

#2Bruce Momjian
pgman@candle.pha.pa.us
In reply to: Justin Clift (#1)
Re: PostgreSQL buffer exploits

> Hi all,
>
> Just wondering if anyone knows of or has tested for PostgreSQL buffer
> exploits over the various interfaces (JDBC, ODBC, psql, etc) or directly
> through socket connections?
>
> Working on a sensitive application at the moment, and I've realised I've
> never seen anyone mention testing PostgreSQL in this regard yet.

I never heard of any tests, nor any security failures either.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
#3Justin Clift
justin@postgresql.org
In reply to: Bruce Momjian (#2)
Re: PostgreSQL buffer exploits

Thanks Bruce,

The lack of tests is more worrying than the lack of reported failures I
reckon. :-( I'll check through the BugTRAQ archives later on.

On a good note however, the Open Source Database Benchmarking project
(osdb.sourceforge.net) has finally gotten around to getting its code
working with PostgreSQL 7.1.x and I'm setting up a place on the techdocs
site to store any results which people want to report after running it.

It'll be good to start creating a publicly available database of what
hardware and settings give what levels of performance with PostgreSQL.
I'll do an [ANNOUNCE] when it's all up and ready.

:-)

Regards and best wishes,

Justin Clift

Bruce Momjian wrote:

> > Hi all,
> >
> > Just wondering if anyone knows of or has tested for PostgreSQL buffer
> > exploits over the various interfaces (JDBC, ODBC, psql, etc) or directly
> > through socket connections?
> >
> > Working on a sensitive application at the moment, and I've realised I've
> > never seen anyone mention testing PostgreSQL in this regard yet.
>
> I never heard of any tests, nor any security failures either.
>
> --
> Bruce Momjian                        |  http://candle.pha.pa.us
> pgman@candle.pha.pa.us               |  (610) 853-3000
> +  If your life is a hard drive,     |  830 Blythe Avenue
> +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

--
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi