Stupid question - is sin(3m) a call-through to the math coprocessor? It
probably only matters when doing a series of calculations (where the extra
guard bits can matter) and not when doing a simple one-time lookup but it
might be something to consider in regards to setting a precedent.
I'm starting to work on a tar FDW as a proxy for a much more specific FDW.
(It's the 'faster to build two and toss the first away' approach - tar lets
me get the FDW stuff nailed down before attacking the more complex
container.) It could also be useful in its own right, or as the basis for a
zip
. It has searchable metadata, e.g.,
finding all records with a specific subject.)
Bear
On Mon, Aug 17, 2015 at 8:29 AM, Greg Stark st...@mit.edu wrote:
On Mon, Aug 17, 2015 at 3:14 PM, Bear Giles bgi...@coyotesong.com wrote:
I'm starting to work on a tar FDW as a proxy for a much more specific
FDW
Hi, I'm working on a FDW for the unix/linux user database - think
/etc/passwd and /etc/group although I'm actually using system calls that
could be quietly redirected to LDAP or other backends. It's easy to create
the FDW and a table associated with it, something like
CREATE TABLE passwd (
Bruce Momjian wrote:
Marc G. Fournier wrote:
My suggestion would be to eventually phase out ssl2 in favor of ssl3 or
tls. And, as we are phasing it out, make it an opt-in thing, where the
dba has to turn on ssl2 KNOWING he is turning on a flawed protocol.
That was sort of my point --- if we
Sorry, there is a newer version. I will use that one.
You may want to hold off on that - I've been busy lately and haven't had
a chance to revisit the documentation or change some of the literal constants
to numeric constants, but it's been on my to do list.
The latter didn't affect the other
It occurs to me that part of the problem with wasted and incomplete
efforts can be fixed with a clear security policy. The part that
I'm interested in is provided below, in a very truncated form.
Secure Communications Channels
--
Secure communications channels can
I sent this earlier, but accidentally sent it from the wrong account
and it's been sitting in the pending spool all day.
Since writing it, I've sketched in server-side GSS-API and SASL
support for my prior patches. The objective isn't to immediately
support either, but to ensure that future
A second cut at SSL documentation
SSL Support in PostgreSQL
=
Who needs it?
=
The sites that require SSL fall into one (or more) of several broad
categories.
*) They have insecure networks.
Examples of insecure networks are anyone in a corporate
Another set of SSL patches have been sent to the patches list.
(No idea when they'll get through the system.) This is a new
baseline set of patches that fix many of the problems identified
earlier and also add a number of security patches.
N.B., some of these changes are visible to the user,
What are the benefits of SASL+Postgresql compared to Postgresql over plain SSL?
SASL is orthogonal to SSL. SASL is an application-layer library
and can be run over either regular sockets or SSL. However there
are SASL hooks to tell it that it's running over a secure channel.
The anticipated
I can see the benefit of SASL as a standard in public exposed network
services like email servers (SMTP, POP, IMAP), where you can support
different email clients which themselves may or may not support SASL and
may use different SASL libraries.
But for Postgresql - communications is
Attached is the first cut at mkcert.sh, a tool to create PostgreSQL
server certificates. It also sets up a directory suitable for the
OpenSSL CA tool, something that can be used to sign client certs.
The root cert should be added to the backend SSL cert verification
tools, and copied to user's
Attached is the first cut at some SSL documentation for the
PostgreSQL manual. It's in plain text, not DocBook, to make
editing easy for the first few revisions. The documentation
leads the code by a day or so.
Also, I'm still having problems with the patches list - none
of my recent
a better fix is to explicitly create a new abstraction layer.
Well, this is supposed to be an abstraction already. ;-)
The new abstraction layer would localize SSL vs. plain sockets, and
possibly SASL as well.
The SSL issues I've identified to date are:
critical
- no check for
I've been looking at the authentication and networking code and
would like to float a trial balloon.
1) add SASL. This is a new standards-track protocol that is often
described as PAM for network authentication. PostgreSQL could
remove *all* protocol-specific authentication code and use
I came across another bug in the SSL code. backend/libpq/pqcomm.c:pq_eof()
calls recv() to read a single byte of data to check for EOF. The
character is then stuffed into the read buffer.
This will not work with SSL. Besides the data being encrypted, you
could end up reading a byte from an
I'm not that clueful about SASL -- would this mean that we could get
rid of the PostgreSQL code that does SSL connections, plus MD5, crypt,
ident, etc. based authentication, and instead just use the SASL stuff?
We would still need the ability to map user identities - pgusers for
those methods
Bear Giles [EMAIL PROTECTED] writes:
1) add SASL. This is a new standards-track protocol that is often
described as PAM for network authentication.
To me, new standards-track protocol translates as pie in the sky.
When will there be tested, portable, BSD-license libraries that we
Is there any existing way of making queries from
postmaster (other than setting up a client
connection from it)?
There is no existing way, and none will be added in
the future either.
There are good system-reliability reasons for
keeping the postmaster
away from the
In fact, my grammar currently has an obscene
20 shift/reduce and 4 reduce/reduce conflicts!
A shift/reduce conflict, IIRC, usually indicates a situation where
the grammar is unambiguous but may be inefficient. Eliminating them
is nice, but not critical.
A R/R conflict, in contrast, is a
I recently discovered a problem inserting a user-defined type when
going through a rule. I'm not sure if it's a -hackers or -users question,
but since it involves the interaction of a user-defined type and rules
I thought it inevitable that I would end up here anyway.
The object in question is
I'm using 7.1.3 currently, but am building and installing 7.2.1 tonight
to see if this fixes the problem.
I don't know the standard types and functions well enough to be able to
whip out a test case, but I think I do have an idea on what the problem
is. If I'm right, the problem is triggered by
You have to write xmlGetUser() to take in the userid and return the
xml required for it. I see no advantage to generating the xml in the
db rather than in the servlet.
As a counterexample, my PKIX extensions defined an XML datatype
that could be used to generate XML instead of the standard