Unix Technical Forum

Re: BUG #2052: Federal Agency Tech Hub Refuses to Accept Postgresql on Network because of Security Vulnerabilities



04-10-2008, 09:28 AM
Magnus Hagander

> Bug reference: 2052
> Logged by: Ferindo Middleton
> Email address: fmiddleton@verizon.net
> PostgreSQL version: 8.0.4
> Operating system: Windows 2000
> Description: Federal Agency Tech Hub Refuses to Accept Postgresql on
> Network because of Security Vulnerabilities
> Details:
>
> This bug report involves more than one proposed bug. I work
> at a federal government agency. The information technology
> division at this agency refuses to allow the database version
> 8.0.4 on their network because of several security
> vulnerabilities they noticed when testing the software
> application. The database would run on a Windows 2000
> Professional computer system. The division I work for wants
> to use the database as a backend to a set of Java Server Pages I
> developed to be served via Apache Tomcat. My application
> works great with PostgreSQL but the problem is getting the IS
> team at this agency to accept PostgreSQL db. I know nothing
> about hacking PostgreSQL. I merely know how to install,
> setup, run the database and write JSP applications to use the
> database in the background so these security vulnerabilities
> are beyond the scope of my own understanding of the database
> from a mere admin/user level.
>
> I am going to paste below the feedback I received concerning
> the vulnerabilities of the database in hopes that The
> PostgreSQL Global Development Group would consider looking
> into each stated flaw. I believe that resolution of these
> vulnerabilities would be a major achievement of our database
> management system and possibly open the software up to more
> government acceptance and utilization, which I believe it is lacking.


I believe every single one of these bugs is fixed in the currently
available releases.
So if you get 8.0.4 or 8.1.0, you're fine for any of these.


(Oh, and what *do* they allow? Oracle, for example, has had a *lot* more
security vulnerabilities during the same time, some of which aren't even
patched yet.. And they can't seriously have a zero-bugs-even-if-fixed
policy, because then they couldn't install *anything*...)

//Magnus



All times are GMT.
