On 1/5/2016 4:12 PM, oleg yusim wrote:
> I meant a scenario, when user is trying to connect to
> database (doesn't matter what interface) and database fails at
> this moment. If all authentication/authorization/validation functions are written to
> return false in case of abnormal termination, we are fine. If
> not, we can potentially encounter the situation when database
> fails into state where user is given greater privileges than
> he/she should or even authenticated, when he/she shouldn't.

if the postgres server processes terminate for any reason, there's
nothing to connect to. the client application will get an error
like 'connection refused' back from the connection attempt, or if it
was already connected and the server aborts, the next query will
return an error like CONNECTION_BAD. there's no possible
privilege elevation.
--
john r pierce, recycling bits in santa cruz
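
The fail-closed behaviour discussed in this exchange, as an added example that is not part of either message. A constructed toy backend over plain TCP sockets stands in for the PostgreSQL server; the one-line protocol and the names `check_privilege`, `start_backend` and `stopped_port` are hypothetical. The caller grants access only on an explicit positive reply and treats a refused or aborted connection as a denial.

```python
import socket
import threading

def check_privilege(host, port, user, privilege, timeout=2.0):
    """Return True only when the backend explicitly answers GRANT."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.sendall(f"{user} {privilege}\n".encode())
            reply = conn.recv(16)
    except OSError:
        # Connection refused, reset or timed out: no answer means no access.
        return False
    # An empty read (peer closed) or any unexpected reply is also a denial.
    return reply.strip() == b"GRANT"

def start_backend(mode):
    """Constructed stand-in server: 'grant' answers once, 'abort' drops the client."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            if mode == "grant":
                conn.recv(64)
                conn.sendall(b"GRANT\n")
            # In 'abort' mode the connection is closed without any reply.
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def stopped_port():
    """Return a localhost port with no listener, like a server that is not running."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

def demo():
    host = "127.0.0.1"
    return {
        "healthy": check_privilege(host, start_backend("grant"), "alice", "SELECT"),
        "aborted": check_privilege(host, start_backend("abort"), "alice", "SELECT"),
        "down": check_privilege(host, stopped_port(), "alice", "SELECT"),
    }

if __name__ == "__main__":
    print(demo())
```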