Mod_auth_pgsql Vulnerability Getting Too Much Hype
Apparently tech editors are [http://it.slashdot.org/article.pl?sid=05/12/23/0153254&tid=221 struggling for stories] this time of year. From [http://www.techworld.com/security/news/index.cfm?NewsID=5117 techworld’s Matthew Broersma] we get an “article” about a recent [http://securitytracker.com/alerts/2006/Jan/1015446.html mod_auth_pgsql exploit] with this over the top headline and opening sentence:
**Apache shot with security holes**
“Companies running Apache and a PostgreSQL database are at risk from serious Internet intrusion.”
Is this guy a direct disciple of [http://en.wikipedia.org/wiki/J._Jonah_Jameson J. Jonah Jameson]? To be honest I don’t even **know** of anyone running [http://freshmeat.net/projects/mod_auth_pgsql/ mod_auth_pgsql]; I’m sure it is an important piece of software and the folks running it surely do need to upgrade, but I fail to see it as the doom and gloom scenario that Broersma tries to paint with those type of headlines. This probably wouldn’t bother me if there weren’t [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-0105 real security issues] and actual news items about [http://www.postgresql.org/about/news.456 releases that people really do need to be worrying about].
</rant>