Hi!

I want to ask about PGSQL-crack/hack-web-database.

So:

We have a web site with python.  The DB engine is PGSQL.

The first theory was that PGSQL is locally used, and each of other
operations are realized with encoded XML packages.

These operations are: fill up partner data, fill up offer data.

The client application is Delphi based. That was a little hard to convert
local data (DataSets, etc) to XML, and recode in the server side (in
python).

The new theory is need more flexibility: we can fillup more data and read
some (long) query result.

The main problem that I need to open the PGSQL's port to the net with login
possibility.

1.) Auth. - password trying.
The clients are access PGSQL by Zeos, or by PGDAC. I don't know what auth.
methods they are support, but I think that md5 and plain text is not enough
here...

2.) Opened port -  PGSQL hack/crack possibilty.
I don't know about PGSQL hack/crack on ports, but everything is possible. If
they are hack the PGDB without knowing password (with some special code
injection), we are in problem...

3.) Server overloading with DOS. (Example: many-many requests to login)

4.) Lost connections? How to handle when connection lost on wrong web, or
temp. down?

If we don't want to open the port, we need to make a complete interface that
know same thing as Zeos.

Zeos (as I know) supports data packages - the data loaded in packages, and
if you scroll to the end of the table, you can get the next package.

We need to develop same thing to load all info we want.
Need to make an update mechanism to reflect changes, etc.

We need to create a mechanism that read Queries, process them, and rewrite
the result packages...

And these infos are changing - because if I open a query with web server at
X, and got a new request at Y to make next package, may the query data
changes...

For example:
select * from data
1.) A....D (select * from partner top 0 range 1000)
2.) C...F  (select * from partner top 1001 range 2000)

because between these requests we have a big modification... (in the
webserver all request a new cursor).

This is hard work.

So... what is the magic we can use? And what you heard about opened
ports/hack/connections?

Thanks:
   dd

Reply via email to