New to PostgreSQL, is this a DoS?
| От | dkelson-list-pgsql-hackers@inconnect.com |
|---|---|
| Тема | New to PostgreSQL, is this a DoS? |
| Дата | |
| Msg-id | Pine.LNX.4.02A.9811161841390.424-100000@brookie.inconnect.com обсуждение исходный текст |
| Ответы |
Re: [HACKERS] New to PostgreSQL, is this a DoS?
|
| Список | pgsql-hackers |
Pardon the message, I received no responses in the other pgsql lists I posted this too. I'm using a fully updated RedHat 5.1 box flex version 2.5.4 GNU Bison version 1.25 ---------- Forwarded message ---------- Date: Sun, 15 Nov 1998 22:24:58 -0700 (MST) From: Dax Kelson <dkelson-list-pgsql-admin@inconnect.com> To: pgsql-admin@postgreSQL.org Subject: [ADMIN] New to PostgreSQL, is this a DoS? I compiled and install 6.4 according to the INSTALL doc. I created a database with "createdb test", running as user "postgres", I connected "psql template1" and ran: CREATE USER billybob WITH PASSWORD hehe CREATEDB CREATEUSER; I then modified pg_hba.conf by adding: host all 10.0.0.2 255.255.255.255 crypt I then killed and restarted postmaster with "-i". >>From the remote machine "10.0.0.2" I connected to the database "test" as user "billybob" and that worked. However, I had problems trying to create a table. >>From that remote machine, I ran: CREATE TABLE weather ( city varchar(80), temp_lo int, temp_hi int, prcp real, date date ); And it supposedly "worked", it said "CREATE". However, running \d returned Couldn't find any tables, sequences or indices! Then from the machine actually running PostgreSQL, as user "postgres" I connected to "test" \d returned Couldn't find any tables, sequences or indices! So I tried running the CREATE TABLE weather command again, but it returned: ERROR: weather relation already exists but, \d returned Couldn't find any tables, sequences or indices! >>From remotely as "billybob" or localy as "postgres" I could succesfully drop this phantom table. Is this a denial of service? A remote user can connect and create as many phantom tables as they want which could possibly interfere with normal operation? How would the admin even know the name of the table to drop? If I connect locally as user "postgres" and I can successfully create and see the table. Is it normal behaviour that user "postgres" must first create the tables for them to be useable? Thanks, Dax Kelson Internet Connect, Inc.
В списке pgsql-hackers по дате отправления: