| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Neil Conway <neilc(at)samurai(dot)com> |
| Cc: | Gaetano Mendola <mendola(at)bigfoot(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: postgres vulnerability |
| Date: | 2004-10-10 04:25:52 |
| Message-ID: | [email protected] |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Neil Conway <neilc(at)samurai(dot)com> writes:
> Gaetano Mendola wrote:
>> Here http://www.sans.org/top20/#u9
>> are listed postgres vulnerability it's sad see that almost all
>> are related to third part components
> "Almost all"? By my count, 12 of the 17 vulnerabilities refer to
> legitimate problems in PostgreSQL, its RPM distribution, or the ODBC driver.
However, the ones that are still current (ie, something not fixed many
revs back) are mostly things outside our control. I think the only
really serious charge in the lot is buffer overflows inside the ODBC
driver.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gaetano Mendola | 2004-10-10 09:13:27 | Re: postgres vulnerability |
| Previous Message | Neil Conway | 2004-10-10 04:02:00 | Re: postgres vulnerability |