June 18, 2007

having fun with postgresql

Filed under: Uncategorized — admin @ 12:41 am

someone pointed me to a nice article about having fun with postgresql.

the document describes some common weak settings of a postgresql setup, as well as how they can be exploited. this is mainly due to the weak authentication setting in the default config of postgresql, which allows a local user to simply be authenticated against the database. however, this can be used to get higher access to the database through some remote views. some other well-known attacks are described as well.

what is important, however, is the conclusion on how to avoid such attacks, and this is mainly done by removing the insecure local connection authentication setting.
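an added example, not taken from this post or from the article it points to: a small python check that lists the pg_hba.conf rules which authenticate a connection without any credential. it assumes the setting meant above is the `trust` method in pg_hba.conf; the sample file and the function names are constructed for illustration.

```python
import ipaddress

# Assumption: the "insecure local connection authentication setting" is METHOD = trust.
INSECURE_METHODS = {"trust"}

# Constructed sample of a permissive pg_hba.conf (not from a real system).
SAMPLE_HBA = """\
# TYPE  DATABASE  USER      ADDRESS         METHOD
local   all       all                       trust
host    all       all       127.0.0.1/32    trust
host    all       all       ::1/128         md5
host    app       appuser   10.0.0.0/8      scram-sha-256
host    all       all       192.168.1.0 255.255.255.0 trust
local   all       postgres                  peer map=admins
"""

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_hba(text):
    """Return (lineno, type, database, user, address, method) per rule.
    Simplification: quoted names containing spaces or '#' are not handled."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        conn_type, rest = fields[0], fields[1:]
        if conn_type == "local" and len(rest) >= 3:
            address, method = None, rest[2]  # local rules have no ADDRESS column
        elif conn_type.startswith("host") and len(rest) >= 4:
            address, method = rest[2], rest[3]
            if _is_ip(method) and len(rest) >= 5:  # "IP NETMASK" address form
                address, method = f"{address}/{method}", rest[4]
        else:
            continue  # include directives or malformed lines are skipped
        rules.append((lineno, conn_type, rest[0], rest[1], address, method.lower()))
    return rules

def find_insecure(text):
    """Return (lineno, type, address) for every rule using an insecure method."""
    return [(n, t, a) for n, t, _db, _user, a, m in parse_hba(text) if m in INSECURE_METHODS]

if __name__ == "__main__":
    for lineno, conn_type, address in find_insecure(SAMPLE_HBA):
        print(f"line {lineno}: {conn_type} {address or '(unix socket)'} uses trust")
```

to run it against a real server, pass the contents of that server's pg_hba.conf to `find_insecure` instead of the sample.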

