On 04/10/2015 05:17 AM, Robert Haas wrote:
On Apr 9, 2015, at 8:51 PM, Heikki Linnakangas <hlinn...@iki.fi> wrote:
What should we do about this?
I bet that there are at least 1000 covert channel attacks that are more
practically exploitable than this.
Care to name some? This is certainly quite cumbersome to exploit, but
it's doable.
We've talked a lot about covert channels and timing attacks on RLS, but
this makes me more worried because you can attack passwords stored in
pg_authid.
- Heikki
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
