public inbox for [email protected]
From: Neil Conway <[email protected]>
To: Tom Lane <[email protected]>
Cc: Magnus Hagander <[email protected]>
Cc: [email protected]
Cc: Simon Riggs <[email protected]>
Subject: Re: Security information page
Date: Sun, 27 Nov 2005 17:35:54 -0500
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>

On Sun, 2005-11-27 at 12:16 -0500, Tom Lane wrote:
> The list seems a bit short; did you look through the release notes for
> items that seem to be security issues? I suspect there are some that
> don't have CVE names.

"Add checks for invalid field length in binary COPY (Tom)" in 7.4.3,
should probably be included.

If we're not going to describe issues with 7.2 and earlier releases
(which is probably reasonable), I think we should back off the claim
that "all known" security issues are listed. Personally I think we
shouldn't make the latter claim, anyway: for example, whether
COALESCE(NULL, NULL) dumping core (fixed in 8.0.3) is a "security issue"
is often in the eye of the beholder.

From the page:

"Our approach covers fail-safe configuration options, a secure and
robust database server as well as good integration with other security
infrastructure software."

What "good integration with other security infrastructure" can PGDG
legitimately take credit for?

-Neil