Search Postgresql Archives

Re: EMBEDDED PostgreSQL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> > Sorry, but any Windows user who thinks he doesn't need security 
> > measures equivalent to (not "beyond") minimum Unix practice 
> is a dummy 
> > about security.  Take a look at this LOAD vulnerability 
> we're in the 
> > midst of patching, and ask yourself whether you aren't glad that it 
> > can't be used to get admin privileges on your Windows box.
> 
> So a vulnerability exists on Windows even if PostgreSQL is 
> only accepting local connections?

No. You need an *authenticated* connection to the database. If your web
interface is open to SQL Injection, you can get in thruogh that, but
else you need some kind of account and connecting permissions to the
database server.
pg_hba also protects you even if you allow connections elsewhere.


//Magnus

---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

               http://archives.postgresql.org


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux