| From: | Dave Page <dpage(at)postgresql(dot)org> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | pgsql-advocacy(at)postgresql(dot)org |
| Subject: | Re: Black Hat: New database attack revealed |
| Date: | 2007-08-02 12:27:22 |
| Message-ID: | 46B1CDAA.8050902@postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-advocacy |
Peter Eisentraut wrote:
> Am Donnerstag, 2. August 2007 13:31 schrieb Robert Bernier:
>> New timing attack doesn't need application bugs to work
>>
>> http://www.computerworlduk.com/management/security/cybercrime/news/index.cf
>> m?RSS&newsid=4344
>
> This is complete BS, as evidenced by this statement:
>
> """
> their attack involves performing record insertion operations, typically
> available to all database users - including anonymous users of front-end web
> applications - and analysing the time it takes to perform different kinds of
> insertions.
> """
>
> In principle, attacks of this kind would be possible, but it's not quite as
> simple as they make it appear.
>
That was roughly my thought as well.
In our case, would it even be possible given WAL?
Regards, Dave.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2007-08-02 12:39:07 | Re: Black Hat: New database attack revealed |
| Previous Message | Peter Eisentraut | 2007-08-02 12:16:23 | Re: Black Hat: New database attack revealed |