Alvaro Herrera <[EMAIL PROTECTED]> writes: > Andrew Gierth wrote: >> 2. The server accepts either the old-style or the secure cancel >> request from the client, but doesn't allow old-style requests >> once a valid secure request has been seen.
> Hmm, I think there should be a way to turn off acceptance of old-style > without necessarily requiring a new-style request. Otherwise, how are > you protected from DoS if you have never sent a cancel request at all? Assuming you were using SSL, it's hard to see how an attacker is going to get your cancel key without having seen a cancel request. However, I dislike Andrew's proposal above even without that issue, because it means *still more* changeable state that has to be magically shared between postmaster and backends. If we want to have a way for people to disable insecure cancels, we should just have a postmaster configuration parameter that does it. Also, this whole proposal has gotten far past what I'd consider a sanely back-patchable thing. Don't bother thinking about whether it will go into pre-8.4 code. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers