From: | Michael Paquier <michael(at)paquier(dot)xyz> |
---|---|
To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
Cc: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL Developers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Disallow SSL compression? |
Date: | 2021-03-05 07:04:20 |
Message-ID: | YEHX9DuI4oM/C8DV@paquier.xyz |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Thu, Mar 04, 2021 at 11:52:56PM +0100, Daniel Gustafsson wrote:
> The attached version takes a step further and removes sslcompression from
> pg_conn and just eats the value as there is no use in setting a dummy alue. It
> also removes compression from PgBackendSSLStatus and be_tls_get_compression as
> raised by Michael downthread. I opted for keeping the column in pg_stat_ssl
> with a note in the documentation that it will be removed, for the same
> backwards compatibility reason of eating the connection param without acting on
> it. This might be overthinking it however.
FWIW, I would vote to nuke it from all those places, reducing a bit
pg_stat_get_activity() while on it. Keeping it around in the system
catalogs may cause confusion IMHO, by making people think that it is
still possible to get into configurations where sslcompression could
be really enabled. The rest of the patch looks fine to me.
--
Michael
From | Date | Subject | |
---|---|---|---|
Next Message | bchen90 | 2021-03-05 07:32:43 | Which PG version does CVE-2021-20229 affected? |
Previous Message | Julien Rouhaud | 2021-03-05 06:59:49 | Re: n_mod_since_analyze isn't reset at table truncation |