[HACKERS] Selectivity estimation for equality and range queries

2007-12-28 Thread Peter Eisentraut
I have been observing a case where the row count estimation for LIKE 'foo' is (much) higher than for LIKE 'foo%', the rest of the query being the same. This is a special case of the estimation for equality being higher than for a range query that includes the value used in the equality. I

Re: [HACKERS] Spoofing as the postmaster

2007-12-28 Thread Greg Smith
On Thu, 27 Dec 2007, Stephen Frost wrote: Debian also has SELinux, if one wishes to configure it. I suspect other Debian-derived distributions also have it as a result. It can certainly be a pain to configure but it's far from impossible That's a good summary. As of Debian Etch (April of

Re: [HACKERS] Spoofing as the postmaster

2007-12-28 Thread Naz Gassiep
The problem with forcing authentication is that an auth-unaware client connecting to a legitimate postmaster would have its connections refused. That same client would have its connections accepted by an impostor postmaster. Thus, there is no way to stop impostor postmasters from carrying out

Re: [HACKERS] Spoofing as the postmaster

2007-12-28 Thread Andrew Sullivan
On Sat, Dec 29, 2007 at 02:09:23AM +1100, Naz Gassiep wrote: In the web world, it is the client's responsibility to ensure that they check the SSL cert and don't do their banking at www.bankofamerica.hax0r.ru and there is nothing that the real banking site can do to stop them using their

Re: [HACKERS] Spoofing as the postmaster

2007-12-28 Thread Trevor Talbot
On 12/28/07, Andrew Sullivan [EMAIL PROTECTED] wrote: On Sat, Dec 29, 2007 at 02:09:23AM +1100, Naz Gassiep wrote: In the web world, it is the client's responsibility to ensure that they check the SSL cert and don't do their banking at www.bankofamerica.hax0r.ru and there is nothing that

Re: [HACKERS] Spoofing as the postmaster

2007-12-28 Thread Tom Lane
Trevor Talbot [EMAIL PROTECTED] writes: There's a fundamental problem that you can't make someone else do authentication if they don't want to, and that's exactly the situation clients are in. I don't see how this can possibly be fixed anywhere other than the client. The point of requiring

Re: [HACKERS] Selectivity estimation for equality and range queries

2007-12-28 Thread Tom Lane
Peter Eisentraut [EMAIL PROTECTED] writes: I have been observing a case where the row count estimation for LIKE 'foo' is (much) higher than for LIKE 'foo%', the rest of the query being the same. This is a special case of the estimation for equality being higher than for a range query that

Re: [HACKERS] Spoofing as the postmaster

2007-12-28 Thread Trevor Talbot
On 12/28/07, Tom Lane [EMAIL PROTECTED] wrote: Trevor Talbot [EMAIL PROTECTED] writes: There's a fundamental problem that you can't make someone else do authentication if they don't want to, and that's exactly the situation clients are in. I don't see how this can possibly be fixed

Re: [HACKERS] Spoofing as the postmaster

2007-12-28 Thread Andrew Sullivan
On Fri, Dec 28, 2007 at 07:48:22AM -0800, Trevor Talbot wrote: I don't follow. What are banks doing on the web now to force clients to authenticate them, and how is it any different from the model of training users to check the SSL certificate? Some banks (mostly Swiss and German, from what

Re: [HACKERS] Spoofing as the postmaster

2007-12-28 Thread Mark Mielke
Andrew Sullivan wrote: On Fri, Dec 28, 2007 at 07:48:22AM -0800, Trevor Talbot wrote: I don't follow. What are banks doing on the web now to force clients to authenticate them, and how is it any different from the model of training users to check the SSL certificate? Some banks

Re: [HACKERS] Spoofing as the postmaster

2007-12-28 Thread Magnus Hagander
Andrew Sullivan wrote: On Fri, Dec 28, 2007 at 07:48:22AM -0800, Trevor Talbot wrote: I don't follow. What are banks doing on the web now to force clients to authenticate them, and how is it any different from the model of training users to check the SSL certificate? Some banks (mostly

Re: [HACKERS] Spoofing as the postmaster

2007-12-28 Thread Magnus Hagander
Mark Mielke wrote: Andrew Sullivan wrote: On Fri, Dec 28, 2007 at 07:48:22AM -0800, Trevor Talbot wrote: I don't follow. What are banks doing on the web now to force clients to authenticate them, and how is it any different from the model of training users to check the SSL certificate?

Re: [HACKERS] Spoofing as the postmaster

2007-12-28 Thread Mark Mielke
Magnus Hagander wrote: Mark Mielke wrote: I have done this for my own application before. Although the client and server use standard TLS 1.0 to speak to each other with a required authentication of RSA 1024-bit and a required encryption of AES 128-bit, it still requires that passwords sent

Re: [HACKERS] minimal update

2007-12-28 Thread Andrew Dunstan
Tom Lane wrote: Andrew Dunstan [EMAIL PROTECTED] writes: Tom Lane wrote: Well, you could write the trigger in C and it'd work for any table. I think it could be as simple as a memcmp of the tuples' data areas, since we now require padding bytes to be 0 ... Something like

Re: [HACKERS] minimal update

2007-12-28 Thread Tom Lane
Andrew Dunstan [EMAIL PROTECTED] writes: How does this look? if (newtuple->t_len == oldtuple->t_len && newtuple->t_data->t_hoff == oldtuple->t_data->t_hoff && HeapTupleHeaderGetNatts(newtuple) == HeapTupleHeaderGetNatts(oldtuple) && (newtuple->t_data->t_infomask

Re: [HACKERS] Archiver behavior at shutdown

2007-12-28 Thread Simon Riggs
On Thu, 2007-12-27 at 18:54 -0500, Tom Lane wrote: Simon Riggs [EMAIL PROTECTED] writes: On Thu, 2007-12-27 at 17:29 -0500, Tom Lane wrote: Alvaro Herrera [EMAIL PROTECTED] writes: then a subsequent postmaster start could initiate a second archiver process which would cause issues with

Re: [HACKERS] Archiver behavior at shutdown

2007-12-28 Thread Greg Smith
On Sat, 29 Dec 2007, Simon Riggs wrote: System Shutdown System shuts down, postmaster shuts down, archiver works furiously until the end trying to archive things away. Archiver gets caught half way through copy, so crashes, leaving archiver.pid. Subsequent startup sees archiver.pid, postmaster

Re: [HACKERS] minimal update

2007-12-28 Thread Andrew Dunstan
Tom Lane wrote: Andrew Dunstan [EMAIL PROTECTED] writes: How does this look? if (newtuple->t_len == oldtuple->t_len && newtuple->t_data->t_hoff == oldtuple->t_data->t_hoff && HeapTupleHeaderGetNatts(newtuple) == HeapTupleHeaderGetNatts(oldtuple)

Re: [HACKERS] Spoofing as the postmaster

2007-12-28 Thread Bruce Momjian
Magnus Hagander wrote: We could make it so that we *require* the root certificate to be present on the client and make the check, and simply refuse to connect without it. But my guess is that it'll just increase the bar for SSL adoption at all, whilst most people will find some insecure way to

Re: [HACKERS] Spoofing as the postmaster

2007-12-28 Thread Tom Lane
Bruce Momjian [EMAIL PROTECTED] writes: Agreed. Requiring client root certificate checking is heavy-handed. There seems to be some confusion here. I didn't think anyone was proposing that we force every installation to require client root certificate checking. What was under discussion (I

Re: [HACKERS] Spoofing as the postmaster

2007-12-28 Thread Bruce Momjian
Tom Lane wrote: Bruce Momjian [EMAIL PROTECTED] writes: Agreed. Requiring client root certificate checking is heavy-handed. There seems to be some confusion here. I didn't think anyone was proposing that we force every installation to require client root certificate checking. What was

Re: [HACKERS] Spoofing as the postmaster

2007-12-28 Thread Bruce Momjian
Tomasz Ostrowski wrote: On Sun, 23 Dec 2007, Tom Lane wrote: ISTM we have these action items: 1. Improve the code so that SSL authentication can be used across a Unix-socket connection (we can disable encryption though). I've just realised that there's a problem with SSL with disabled

Re: [HACKERS] Spoofing as the postmaster

2007-12-28 Thread Mark Mielke
Bruce Momjian wrote: Good point. I have added the last two sentences to the documentation paragraph to highlight this issue: <productname>OpenSSL</productname> supports a wide range of ciphers and authentication algorithms, of varying strength. While a list of ciphers can be specified in

Re: [HACKERS] Spoofing as the postmaster

2007-12-28 Thread Mark Mielke
Tom Lane wrote: Bruce Momjian [EMAIL PROTECTED] writes: Agreed. Requiring client root certificate checking is heavy-handed. There seems to be some confusion here. I didn't think anyone was proposing that we force every installation to require client root certificate checking. What

Re: [HACKERS] Spoofing as the postmaster

2007-12-28 Thread Bruce Momjian
Mark Mielke wrote: Bruce Momjian wrote: Good point. I have added the last two sentences to the documentation paragraph to highlight this issue: <productname>OpenSSL</productname> supports a wide range of ciphers and authentication algorithms, of varying strength. While a list of

Re: [HACKERS] Spoofing as the postmaster

2007-12-28 Thread Mark Mielke
Bruce Momjian wrote: OK, updated paragraph: It is possible to have authentication without encryption overhead by using <literal>NULL-SHA</> or <literal>NULL-MD5</> ciphers. However, a man-in-the-middle could read and pass communications between client and server. Also, encryption

Re: [HACKERS] minimal update

2007-12-28 Thread Andrew Dunstan
Andrew Dunstan wrote: Tom Lane wrote: Andrew Dunstan [EMAIL PROTECTED] writes: How does this look? if (newtuple->t_len == oldtuple->t_len && newtuple->t_data->t_hoff == oldtuple->t_data->t_hoff && HeapTupleHeaderGetNatts(newtuple) == HeapTupleHeaderGetNatts(oldtuple)