On Monday 26 August 2002 12:59 pm, Bruce Momjian wrote: > Tom Lane wrote: > > It may indeed make sense to put a range check here, but I'm getting > > tired of hearing the words "dos attack" applied to conditions that > > cannot be exploited to cause any real problem. All you are > > accomplishing is to spread FUD among people who aren't sufficiently > > familiar with the code to evaluate the seriousness of problems...
> It isn't fun to have our code nit-picked apart, and Sir-* is over-hyping > the vulnerability, but it is a valid concern. The length should > probably be clipped to a reasonable length and a comment put in the code > describing why. The pseudo-security-alert format used isn't terribly palatable here, IMHO. On BugTraq it might fly -- but not here. A simple 'Hey guys, I found a possible problem when.....' without the big-sounding fluff would sit better with me, at least. The substance of the message is perhaps valuable -- but the wrapper distracts from the substance. And dealing with a real name would be nice, IMHO. Otherwise we may end up with 'SMtT' as the nickname -- Hmmm, 'SMitTy' perhaps? :-) Reminds me of 'Uncle George' who did quite a bit for the Alpha port and then disappeared. -- Lamar Owen WGCR Internet Radio 1 Peter 4:11 ---------------------------(end of broadcast)--------------------------- TIP 6: Have you searched our list archives? http://archives.postgresql.org
