zlacker

1. coldte+(OP) 2022-09-10 21:15:02
> *Shodan knew at least 600,000 PostgreSQLs listening on the open internet when I last looked. Presumably quite a few are mistakes, of course.*

A few? I'd say most are accidental and the rest are just bad ideas...

> But people do it and the sky doesn't fall.

Well, the same is true for playing Russian roulette too. Most of the time you're winning!

replies(1): >>mike_h+b6
2. mike_h+b6 2022-09-10 22:18:36
>>coldte+(OP)
We don't know either way, but a standard Postgres install doesn't let remote connections do much. You still have to authenticate before anything is allowed. It's not much different to sshd in this regard. A typical web server is far more promiscuous, with a massive surface area exposed to unauthenticated connections. There have been way more disasters from buggy web frameworks/apps that get systematically popped by crawlers than from people running an RDBMS.