Cross-posting to general due to more general nature of response
Josh Berkus wrote:
Now, if PostgreSQL is installed with TRUST authentication for remote ports, can't one try to create an untrusted language and function that will cause the system to scan for other such servers and connect, thereby spreading a worm? Of course most of the PostgreSQL instances I have seen are behind firewalls, but I don't think we are that invulnerable.
Chris,
http://www.theregister.co.uk/2005/01/28/mysql_worm/
Yep. And each time someone asks you "But why can't I install PostgreSQL as Administrator" you can point them to that worm ....
Maybe we should set the default authentication to use TRUST on local sockets only. At least as of 7.4, the default was to trust network ports.
Best Wishes, Chris Travers Metatron Technology Consulting
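An added example, not part of the original message or of PostgreSQL itself: a small audit that flags `pg_hba.conf` host records granting `trust` to anything other than loopback, which is the exposure discussed above. The sample file is constructed, the function names are hypothetical, and quoted fields and `include` directives are assumed absent.

```python
import ipaddress

# Constructed sample pg_hba.conf, not taken from the thread.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  trust
host    all       all   127.0.0.1/32   trust
host    all       all   ::1/128        trust
host    all       all   0.0.0.0/0      trust
host    all       all   192.168.1.0 255.255.255.0 trust
hostssl all       all   10.0.0.0/8     md5
host    all       all   all            trust
"""

HOST_TYPES = {"host", "hostssl", "hostnossl"}  # TCP/IP record types

def _is_ip(value):
    """True if value parses as a bare IP address (used to spot a netmask field)."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def is_loopback_only(address, mask=None):
    """True only if the whole address range lies inside loopback."""
    try:
        net = ipaddress.ip_network(f"{address}/{mask}" if mask else address,
                                   strict=False)
    except ValueError:
        return False  # hostname, "all", "samenet", ...: treat as remote
    return net.is_loopback

def remote_trust_lines(text):
    """Return (line_number, line) for host records that trust non-loopback peers."""
    findings = []
    for num, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in HOST_TYPES:
            continue  # comments, blank lines, and "local" socket records
        address, mask, method = fields[3], None, fields[4]
        # Older-style records carry the netmask as a separate field.
        if len(fields) >= 6 and _is_ip(fields[4]):
            mask, method = fields[4], fields[5]
        if method == "trust" and not is_loopback_only(address, mask):
            findings.append((num, raw.strip()))
    return findings

if __name__ == "__main__":
    for num, line in remote_trust_lines(SAMPLE_HBA):
        print(f"line {num}: remote TRUST: {line}")
```
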