Download  PostgreSQL (32bit)

PostgreSQL (32bit) 9.3.3

PostgreSQL Global Development Group - 50.6MB (Open-Source)

Version: 9.3.3

Size: 50.6MB

Date Added: Feb 23, 2014

License: Open-Source

Languages: English

Publisher: PostgreSQL Global Development Group

Website: http://www.postgresql.org

OS: Windows XP/ Vista/ Windows 7/ Windows 8

User Rating:(Rate It!)

  0 (0%)        0 (0%)      Comments

  No Virus

  No Spyware

  No Bundle

Advertisement

PostgreSQL is a powerful, open source object-relational database system. It has more than 15 years of active development and a proven architecture that has earned it a strong reputation for reliability, data integrity, and correctness.

It is fully ACID compliant, has full support for foreign keys, joins, views, triggers, and stored procedures (in multiple languages). It includes most SQL:2008 data types, including INTEGER, NUMERIC, BOOLEAN, CHAR, VARCHAR, DATE, INTERVAL, and TIMESTAMP. It also supports storage of binary large objects, including pictures, sounds, or video. It has native programming interfaces for C/C++, Java, .Net, Perl, Python, Ruby, Tcl, ODBC, among others, and exceptional documentation.
Version 9.3.3

Shore up GRANT ... WITH ADMIN OPTION restrictions

Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions.

Prevent privilege escalation via manual calls to PL validator functions


The primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes. The fix involves adding a call to a privilege-checking function in each validator function. Non-core procedural languages will also need to make this change to their own validator functions, if any.

Avoid multiple name lookups during table and index DDL


If the name lookups come to different conclusions due to concurrent activity, we might perform some parts of the DDL on a different table than other parts. At least in the case of CREATE INDEX, this can be used to cause the permissions checks to be performed against a different table than the index creation, allowing for a privilege escalation attack.
......
See more details here: http://www.postgresql.org/docs/current/static/release-9-3-3.html

Advertisement

  • Copy the following code to link to this page:
Note: This program is advertising supported and may offer
to install third party programs that are not required.
These may include a toolbar, changing your homepage,
default search engine or installing other party programs.
Please watch the installation carefully to opt out.

Filepuma uses cookies to improve content and ensure you get the best experience on our website. By continuing to use this website, you agree to our privacy policy.

ACCEPT