From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | Justin Pryzby <pryzby(at)telsasoft(dot)com> |
Cc: | Daniil Zakhlystov <usernamedt(at)yandex-team(dot)ru>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Re: libpq compression (part 2) |
Date: | 2022-01-07 18:46:00 |
Message-ID: | YdiKaL/AhNV9OtvK@momjian.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Sat, Jan 1, 2022 at 11:25:05AM -0600, Justin Pryzby wrote:
> Thanks for working on this. The patch looks to be in good shape - I hope more
> people will help to review and test it. I took the liberty of creating a new
> CF entry. http://cfbot.cputube.org/daniil-zakhlystov.html
>
> +zpq_should_compress(ZpqStream * zpq, char msg_type, uint32 msg_len)
> +{
> + return zpq_choose_compressor(zpq, msg_type, msg_len) == -1;
>
> I think this is backwards , and should say != -1 ?
>
> As written, the server GUC libpq_compression defaults to "on", and the client
> doesn't request compression. I think the server GUC should default to off.
> I failed to convince Kontantin about this last year. The reason is that 1)
> it's a new feature; 2) with security implications. An admin should need to
> "opt in" to this. I still wonder if this should be controlled by a new "TYPE"
> in pg_hba (rather than a GUC); that would make it exclusive of SSL.
I assume this compression happens before it is encrypted for TLS
transport. Second, compression was removed from TLS because there were
too many ways for HTTP to weaken encryption. I assume the Postgres wire
protocol doesn't have similar exploit possibilities.
--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com
If only the physical world exists, free will is an illusion.
From | Date | Subject | |
---|---|---|---|
Next Message | Justin Pryzby | 2022-01-07 19:21:10 | Re: libpq compression (part 2) |
Previous Message | Bharath Rupireddy | 2022-01-07 18:43:08 | Re: Disallow quorum uncommitted (with synchronous standbys) txns in logical replication subscribers |