Justin Clift <[EMAIL PROTECTED]> writes: > Is it possible to crash a 7.2.1 backend without having an entry in the > pg_hba.conf file?
No, but think of web applications and things like that. The web frontend might pass in a date string which crashes the server backend. Since the crash can be triggered by mere data, an attacker does not have to be able to send specific SQL statements to the server. -- Florian Weimer [EMAIL PROTECTED] University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT fax +49-711-685-5898 ---------------------------(end of broadcast)--------------------------- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/users-lounge/docs/faq.html
