hcq/postgresql
1
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2026-03-12 15:16:57 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
ea96568396830e2c5e409dbafbcece30c72b8698
postgresql/src/backend/libpq
History
Tom Lane 52a414387e Require update permission for the large object written by lo_put(). 
lo_put() surely should require UPDATE permission, the same as lowrite(),
but it failed to check for that, as reported by Chapman Flack.  Oversight
in commit c50b7c09d; backpatch to 9.4 where that was introduced.

Tom Lane and Michael Paquier

Security: CVE-2017-7548
2017-08-07 10:19:20 -04:00
..
auth.c
Don't allow logging in with empty password.
2017-08-07 17:03:49 +03:00
be-fsstubs.c
Require update permission for the large object written by lo_put().
2017-08-07 10:19:20 -04:00
be-secure-openssl.c
Disallow SSL session tickets.
2017-08-04 11:07:10 -04:00
be-secure.c
pgindent run for 9.6
2016-06-09 18:02:36 -04:00
crypt.c
Don't allow logging in with empty password.
2017-08-07 17:03:49 +03:00
hba.c
Fix typos in comments.
2017-02-06 11:34:15 +02:00
ip.c
Update copyright for 2016
2016-01-02 13:33:40 -05:00
Makefile
Support frontend-backend protocol communication using a shm_mq.
2014-10-31 12:02:40 -04:00
md5.c
Update copyright for 2016
2016-01-02 13:33:40 -05:00
pg_hba.conf.sample
Remove support for native krb5 authentication
2014-01-19 17:05:01 +01:00
pg_ident.conf.sample
Reformat the comments in pg_hba.conf and pg_ident.conf
2010-01-26 06:58:39 +00:00
pqcomm.c
Second try at fixing tcp_keepalives_idle option on Solaris.
2017-06-28 12:30:16 -04:00
pqformat.c
Fix several mistakes around parallel workers and client_encoding.
2016-06-30 18:35:32 -04:00
pqmq.c
Add a nonlocalized version of the severity field to client error messages.
2016-08-26 16:20:24 -04:00
pqsignal.c
Update copyright for 2016
2016-01-02 13:33:40 -05:00
README.SSL
Remove useless whitespace at end of lines
2010-11-23 22:34:55 +02:00

README.SSL 

src/backend/libpq/README.SSL

SSL
===

>From the servers perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup





>From the clients perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------