This has been saved for the 8.4 release:
http://momjian.postgresql.org/cgi-bin/pgpatches_hold
---
Andrew Sullivan wrote:
On Sun, Dec 16, 2007 at 12:31:11PM -0500, Tom Lane wrote:
Well, I wouldn't advocate
Brian Hurt [EMAIL PROTECTED] writes:
3) It's possible to perform the sort lazily. You have the initial O(N) pass
over the list, but then each block is only O(log N) cost. If it's likely that
only the first part of the result is needed, then much of the work can be
avoided.
Now that's a
On Sat, Dec 22, 2007 at 02:07:28AM -0500, Francisco wrote:
I'm working on a decoder to take a raw main/base file and given table format
parameters to pull out relevant data.
My question is whether anyone has developed such a tool. Something that
takes the raw file and table format as input
A few months ago a security concern was sent to core. We have discussed
it but see little we can do to address it in the code so I am posting to
hackers in case there is something we didn't think of or if
documentation additions are necessary.
Most users understand that if they are connecting to
Tom Lane wrote:
range-checks are present only where needed for the backend to defend itself
Survival is very important, but so is maintaining data integrity. IMHO, data
validation should be as consistent as possible. If the backend refuses data on
one hand but allows it on the other,
On Sat, 22 Dec 2007 09:25:05 -0500 (EST)
Bruce Momjian [EMAIL PROTECTED] wrote:
I think at a minimum we need to add documentation that states if you
don't trust the local users on the postmaster server you should:
o create unix domain socket files in a non-world-writable
Bruce Momjian wrote:
The fundamental problem is that because we don't require root, any user's
postmaster or pretend postmaster is as legitimate as anyone else's. SSL
certificates add legitimacy checks for TCP, but not for unix domain
sockets.
Wouldn't SSL work over Unix-domain sockets as
Peter Eisentraut wrote:
Bruce Momjian wrote:
The fundamental problem is that because we don't require root, any user's
postmaster or pretend postmaster is as legitimate as anyone else's. SSL
certificates add legitimacy checks for TCP, but not for unix domain
sockets.
Wouldn't SSL
Andrew Dunstan wrote:
But we don't check the SSL cert's credentials in the client, AFAIK.
We do if you configure it so. But I must admit that this fact is not well
advertised. It is documented, but you have to look carefully.
--
Peter Eisentraut
http://developer.postgresql.org/~petere/
Andrew Dunstan wrote:
Peter Eisentraut wrote:
Bruce Momjian wrote:
The fundamental problem is that because we don't require root, any
user's
postmaster or pretend postmaster is as legitimate as anyone else's. SSL
certificates add legitimacy checks for TCP, but not for unix domain
Peter Eisentraut [EMAIL PROTECTED] writes:
Wouldn't SSL work over Unix-domain sockets as well? The API only deals with
file descriptors.
Hmm ... we've always thought of SSL as being primarily comm security
and thus useless on a Unix socket, but the mutual authentication aspect
could come in
On Dec 22, 2007 1:04 PM, Tom Lane [EMAIL PROTECTED] wrote:
Peter Eisentraut [EMAIL PROTECTED] writes:
Wouldn't SSL work over Unix-domain sockets as well? The API only deals with
file descriptors.
Hmm ... we've always thought of SSL as being primarily comm security
and thus useless on a
On 12/22/07, Peter Eisentraut [EMAIL PROTECTED] wrote:
Bruce Momjian wrote:
The fundamental problem is that because we don't require root, any user's
postmaster or pretend postmaster is as legitimate as anyone else's. SSL
certificates add legitimacy checks for TCP, but not for unix domain
Mike Rylander [EMAIL PROTECTED] writes:
On Dec 22, 2007 1:04 PM, Tom Lane [EMAIL PROTECTED] wrote:
Hmm ... we've always thought of SSL as being primarily comm security
and thus useless on a Unix socket, but the mutual authentication aspect
could come in handy as an answer for this type of
Marko Kreen [EMAIL PROTECTED] writes:
(FYI - Debian already puts unix socket to directory writable
only to postgres user, so they dont have the problem. Maybe
we should encourage distros to move away from /tmp?)
No, we shouldn't, and if I had any authority over them I would make
Debian stop
Tom Lane indicated this thread should be moved here. Instead of asking for
what I consider the solution, let me propose a real business case and you
guys tell me how best to handle it.
I am building an Enterprise Data Warehouse with PostgreSQL. BTW, I love
this database. I will have data
* Roberts, Jon ([EMAIL PROTECTED]) wrote:
Major Feature 3: Users will build their own functions to manipulate their
own data and share the output with their department. PostgreSQL security
currently does not secure the functions they write so the feature is not
fully met.
Alright, this isn't
On Dec 22, 2007 6:25 AM, Bruce Momjian [EMAIL PROTECTED] wrote:
It is possible for the attacker to use one of the interfaces (tcp or
unix domain) and wait for the postmaster to start. The postmaster will
fail to start on the interface in use but will start on the other
interface and the
Gurjeet Singh wrote:
On Dec 22, 2007 6:25 AM, Bruce Momjian [EMAIL PROTECTED] wrote:
It is possible for the attacker to use one of the interfaces (tcp or
unix domain) and wait for the postmaster to start. The postmaster will
fail to start on the interface in use but will start on the
On Dec 23, 2007 12:20 PM, Bruce Momjian [EMAIL PROTECTED] wrote:
Gurjeet Singh wrote:
On Dec 22, 2007 6:25 AM, Bruce Momjian [EMAIL PROTECTED] wrote:
This way, if the attacker has control of even one interface (and
optionally the local socket) that the clients are expected to connect
Brendan Jurd wrote:
On Dec 23, 2007 12:20 PM, Bruce Momjian [EMAIL PROTECTED] wrote:
Gurjeet Singh wrote:
On Dec 22, 2007 6:25 AM, Bruce Momjian [EMAIL PROTECTED] wrote:
This way, if the attacker has control of even one interface (and
optionally the local socket) that the clients
Bruce Momjian wrote:
I think at a minimum we need to add documentation that states if you
don't trust the local users on the postmaster server you should:
o create unix domain socket files in a non-world-writable
directory
o require SSL server certificates for TCP
On Dec 23, 2007 1:25 PM, Bruce Momjian [EMAIL PROTECTED] wrote:
I have written documentation for this item:
http://momjian.us/tmp/pgsql/server-shutdown.html#SERVER-SPOOFING
Comments?
I thought the content made sense, but the location didn't. I wouldn't
expect to find instructions on
Brendan Jurd wrote:
On Dec 23, 2007 1:25 PM, Bruce Momjian [EMAIL PROTECTED] wrote:
I have written documentation for this item:
http://momjian.us/tmp/pgsql/server-shutdown.html#SERVER-SPOOFING
Comments?
I thought the content made sense, but the location didn't. I wouldn't
Brendan Jurd wrote:
It doesn't solve the spoofing attack problem, but isn't Gurjeet's idea
a good one in any case?
What makes it good? It solves no problems. It prevents the server from
coming up when it otherwise might still be able to.
If the postmaster can't bind on one of the specified
Mark Mielke [EMAIL PROTECTED] writes:
Brendan Jurd wrote:
It doesn't solve the spoofing attack problem, but isn't Gurjeet's idea
a good one in any case?
What makes it good? It solves no problems. It prevents the server from
coming up when it otherwise might still be able to.
The primary
Roberts, Jon [EMAIL PROTECTED] writes:
Major Feature 3: Users will build their own functions to manipulate their
own data and share the output with their department. PostgreSQL security
currently does not secure the functions they write so the feature is not
fully met.
Incidentally, are you
Tom Lane [EMAIL PROTECTED] writes:
Marko Kreen [EMAIL PROTECTED] writes:
(FYI - Debian already puts unix socket to directory writable
only to postgres user, so they dont have the problem. Maybe
we should encourage distros to move away from /tmp?)
No, we shouldn't, and if I had any
28 matches
Mail list logo