Re: [HACKERS] Really stupid question(?)
Bear Giles [EMAIL PROTECTED] writes: But the problem is that knowledgeable security administrators can replace the common hardcoded values with their own. How do you allow this to be easily done? Configuration parameters? One possibility that occured to me was that dynamic libraries would handle this nicely. There's even some support for dynamic libraries in the user-defined functions, so this wouldn't be a totally unprecedented idea. But this would be a new way of using dynamic libraries. You've lost me completely. What exactly are you suggesting? regards, tom lane ---(end of broadcast)--- TIP 6: Have you searched our list archives? http://archives.postgresql.org
Re: [HACKERS] Really stupid question(?)
Bear Giles wrote: The really stupid question refers to some of the hardcoded fallback values in this code. The reason for having hardcoded values is to prevent downgrade attacks - you don't want to casually override the DBA, but you also don't want to make it easy for a knowledgeable attacker to fatally compromise the system in a way that your average DBA couldn't catch. But the problem is that knowledgeable security administrators can replace the common hardcoded values with their own. How do you allow this to be easily done? Would GUC variables work? Put in sensible defaults and let the more knowledgeable security admins override the defaults in postgresql.conf Joe ---(end of broadcast)--- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/users-lounge/docs/faq.html