On Mon, May 20, 2024 at 12:49 PM Jacob Champion <jacob.champ...@enterprisedb.com> wrote: > ...and my response was that, no, the proposal doesn't seem to be > requiring that authentication take place before compression is done. > (As evidenced by your email. :D) If the claim is that there are no > security problems with letting unauthenticated clients force > decompression, then I can try to poke holes in that;
I would prefer this approach, so I suggest trying to poke holes here first. If you find big enough holes then... > or if the claim > is that we don't need to worry about that at all because we'll wait > until after authentication, then I can poke holes in that too. My > request is just that we choose one. ...we can fall back to this and you can try to poke holes here. I really hope that you can't poke big enough holes to kill the feature entirely, though. Because that sounds sad. -- Robert Haas EDB: http://www.enterprisedb.com