>>>>> "Tom" == Tom Lane <[EMAIL PROTECTED]> writes:
>> Andrew Gierth wrote: >>> 2. The server accepts either the old-style or the secure cancel >>> request from the client, but doesn't allow old-style requests >>> once a valid secure request has been seen. >> Hmm, I think there should be a way to turn off acceptance of >> old-style without necessarily requiring a new-style request. >> Otherwise, how are you protected from DoS if you have never sent a >> cancel request at all? Tom> Assuming you were using SSL, it's hard to see how an attacker is Tom> going to get your cancel key without having seen a cancel Tom> request. Tom> However, I dislike Andrew's proposal above even without that Tom> issue, because it means *still more* changeable state that has Tom> to be magically shared between postmaster and backends. You get it for free; initialize N on the server side to 0, and accept old-style cancels only if it is still 0. (Require the first secure cancel to have N > 0) -- Andrew. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
