<<< Date Index >>>     <<< Thread Index >>>

Re: Having Fun With PostgreSQL



It would probably be fair to mention that dblink is not a product that
is installed by default in pg.  



On Sat, Jun 16, 2007 at 07:11:47PM +0200, Nico Leidecker wrote:
> Dear list,
> 
> I'd like to present a paper about security issues with PostgreSQL. The paper 
> describes weaknesses in the configuration that may allow attackers to 
> escalade privileges, execute shell commands and to upload arbitrary (binary) 
> files via SQL injections.
> 
> You can either get the TXT version from 
> http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
> Or as PDF at at 
> http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
> 
> The paper comes with a tool called `pgshell' that can be downloaded at 
> http://www.leidecker.info/pgshell/
> 
> Cheers,
> Nico
> 
> _____________________________________________________________________
> Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
> http://smartsurfer.web.de/?mc=100071&distributionid=000000000066

-- 
  Lost time is when we learn nothing from the experiences of life. Time
 gained is when we grow to have a wisdom that is tested in the reality of life.