
Re: Inconsistency in libpq connection parameters, and extension thereof

From: Daniel Farina <daniel(at)heroku(dot)com>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Alexander Shulgin <ash(at)commandprompt(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Inconsistency in libpq connection parameters, and extension thereof
Date: 2012-06-06 16:58:30
Message-ID: CAAZKuFYHB-ZzYy1tQbKEhJGEhna0OCQg27K8vh872_dzA7c7+g@mail.gmail.com
Lists: pgsql-hackers

On Wed, Jun 6, 2012 at 1:09 AM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> On Wed, Jun 6, 2012 at 4:38 AM, Daniel Farina <daniel(at)heroku(dot)com> wrote:
>> On Tue, Jun 5, 2012 at 6:43 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>>> Daniel Farina <daniel(at)heroku(dot)com> writes:
>> If that is the case, is there a convention we can use to separate the
>> parts of the connection string (in both representations) into the
>> parts sent to the server and the part that the client needs?  We
>> already abuse this a little bit because URI syntax (in general, not
>> just our rendition of it) leaves little room for extension for
>> parameters on the client side.  Consider ?sslmode=require.
>>
>> In both representations, the net effect of a typo would be that
>> instead of magically reading some properties on the client side,
>> they'd be sent to the server.  How often is this going to be so wrong
>> that one cannot send a response from the server indicating to the user
>> their error?  On casual inspection it doesn't seem like prohibitively
>> often, but I haven't mulled over that for very long.
>
> I think that's an excellent example of this being a bad idea. If you
> mis-spell sslmode=require, that should absolutely result in an error
> on the client side. Otherwise, you might end up sending your password
> (or other details that are not as sensitive, but still sensitive) over
> an unencrypted connection. If you wait for the error from the server,
> it's too late.

That is an excellent point.  Is there enough time in the day to gripe
about how sslmode=require is not the default?

Well, this seems pretty obviated by the prefix-naming convention, but
it's an ironclad example of how the older idea was a bad one.

-- 
fdr
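
The point made in the quoted reply above (a misspelled sslmode=require has to fail on the client, before anything is sent), as an added example that is not code from this thread or from libpq. The function name check_conn_query is hypothetical, the keyword list is a subset of libpq's chosen for illustration, and percent-decoding of the URI is assumed to have been done already.

```c
#include <stdio.h>
#include <string.h>
/* Accepted client-side keywords: a subset of libpq's, chosen for this sketch. */
static const char *const known_keys[] = {
    "host", "port", "dbname", "user", "password",
    "sslmode", "connect_timeout", "application_name", NULL
};
static const char *const sslmodes[] = {
    "disable", "allow", "prefer", "require", "verify-ca", "verify-full", NULL
};

static int in_list(const char *const *list, const char *s, size_t n)
{
    for (; *list; list++)
        if (strlen(*list) == n && memcmp(*list, s, n) == 0)
            return 1;
    return 0;
}

/* Validate the query part of a connection URI ("k=v&k=v") before any socket
 * is opened. Returns 0 if every key is known and sslmode, if present, has a
 * valid value; else returns -1 and copies the offending text into bad. */
int check_conn_query(const char *query, char *bad, size_t badlen)
{
    for (const char *p = query; *p; ) {
        size_t plen = strcspn(p, "&");              /* one key=value pair */
        const char *eq = memchr(p, '=', plen);
        size_t klen = eq ? (size_t)(eq - p) : plen;
        if (!in_list(known_keys, p, klen)) {        /* typo such as "sslmod" */
            snprintf(bad, badlen, "%.*s", (int)klen, p);
            return -1;
        }
        if (klen == 7 && memcmp(p, "sslmode", 7) == 0 &&
            (!eq || !in_list(sslmodes, eq + 1, plen - klen - 1))) {
            snprintf(bad, badlen, "%.*s", (int)plen, p);
            return -1;                              /* e.g. "sslmode=requir" */
        }
        p += plen + (p[plen] == '&');               /* skip the separator */
    }
    return 0;
}

int main(void)
{
    char bad[64];
    /* Constructed input with a misspelled keyword. */
    if (check_conn_query("sslmod=require&connect_timeout=10", bad, sizeof bad) != 0)
        printf("refusing to connect: bad parameter \"%s\"\n", bad);
    return 0;
}
```

The caller opens the connection only when the check returns 0, so a typo never downgrades the session to an unencrypted one.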
