On Mon, 12 Aug 2002, Justin Clift wrote:
> Hi everyone,
>
> Whilst looking around for some more PostgreSQL related stuff, this
> message turned up:
>
> http://mail.wirex.com/pipermail/sardonix/2002-February/000051.html
>
> The interesting bit is in an email messages included about halfway
> down. It speaks of Bad Things in the PostgreSQL source code and of
> PostgreSQL needing an audit.
Christoper's point about University access to postgres and possible
security/DoS problems is a good one. A thorough security audit of
PostgreSQL would be a very good idea. Naturally, the biggest problems are
that it is very time consuming to do an audit, just about all parts of the
code need to be reviewed and it yields few exciting results.
Perhaps Red Hat or another commercial entity would be interested in
helping out given that the commercial space is beginning to be dominated
by security rhetoric?
Gavin