While I can understand your concern over security I simply do not know how you
can protect against:
On Sat, 7 Feb 2004, Alex J. Avriette wrote:
> ... or somebody may be passing in the
> de rigeur '; select * from sensitive_table; ...' attempts (this is very
> common, as you know, in CGI applicati
On Wednesday 11 February 2004 12:46, Jim C. Nasby wrote:
> On Sun, Feb 08, 2004 at 11:24:56PM -0800, Josh Berkus wrote:
> > The problem with this approach, of course, is that large application
> > developers generally like to make the database fairly "passive" and put
> > all business & security lo
On Sun, Feb 08, 2004 at 11:24:56PM -0800, Josh Berkus wrote:
> The problem with this approach, of course, is that large application
> developers generally like to make the database fairly "passive" and put all
> business & security logic in the middleware. I do think it would be useful
> for t
On Sun, Feb 08, 2004 at 09:34:15PM -0500, Tom Lane wrote:
> Is this "nothing"?
> http://www.postgresql.org/docs/7.4/static/libpq-exec.html#LIBPQ-EXEC-ESCAPE-STRING
>
> I don't think the docs are nearly as bereft of security-related items as
> you claim. They may be scattered and poorly indexed,
Alex,
> As such, I would like to see some documentation about securing the
> database at a data and application level. It would be nice to have some
> general guidelines, as well as being able to cite documentation when
> setting up a security policy for a database application.
I'd be happy to pa
"Alex J. Avriette" <[EMAIL PROTECTED]> writes:
> On Sun, Feb 08, 2004 at 01:33:31PM -0500, Tom Lane wrote:
>> Actually, the extended-query message in the new FE/BE protocol works
>> exactly that way.
> (Tom is referring to this:
> http://archives.postgresql.org/pgsql-interfaces/2003-03/msg0
On Sun, Feb 08, 2004 at 01:33:31PM -0500, Tom Lane wrote:
> > Actually I can and it involves changing the backend to not permit multiple
> > statements in one request. I can't imagine how that could sensibly be
> > implemented, if at all, though.
>
> Actually, the extended-query message in the ne
"Nigel J. Andrews" <[EMAIL PROTECTED]> writes:
> On Sat, 7 Feb 2004, Alex J. Avriette wrote:
>> ... or somebody may be passing in the
>> de rigeur '; select * from sensitive_table; ...' attempts (this is very
>> common, as you know, in CGI applications).
> Actually I can and it involves changing t
Alex J. Avriette wrote:
> That having been said, I would have submitted a patch with said
> documentation if I knew where to start. I have submitted this RFC --
> a request for comments, nothing more serious than that -- because I'd
> like to know what we can do to get some documentation included i
Hello again.
Recently, an application of mine, which faces the internet, came under
attack. The form of the attack was the standard DOS attack. Open a
bunch of sockets, don't close them, and see if you can break the
availability of the application.
This attack came within six hours of the applica
10 matches
Mail list logo
