On Wed, Oct 13, 2004 at 11:58:21PM +0700, David Garamond wrote: > Heikki Linnakangas wrote:
> >Another approach I've been thinking about is to allow anyone that knows > >the (user-supplied) global transaction identifier to finish the > >transaction, and hide the gids of running transactions from regular > >users. That way, the gid acts as a secret token that's only known by the > >transaction manager, much like the cancel key. > > Personally I prefer the last. It should be infeasible to crack as long > as the gid is long enough (e.g. sufficiently random 128bit value or > more) and the channel between the TM and Postgres is secure. So it is possible for a user connected to the DB to send random commit or cancel commands, just in case she happens to hit a valid GID? -- Alvaro Herrera (<alvherre[a]dcc.uchile.cl>) "La realidad se compone de muchos sueños, todos ellos diferentes, pero en cierto aspecto, parecidos..." (Yo, hablando de sueños eróticos) ---------------------------(end of broadcast)--------------------------- TIP 7: don't forget to increase your free space map settings