Re: Make query cancellation keys longer

From: Peter Eisentraut <peter(at)eisentraut(dot)org>
To: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Make query cancellation keys longer
Date: 2024-03-01 14:19:23
Message-ID: ba9f1055-40b3-42c7-a7c9-0b62d1959ee6@eisentraut.org
Lists: pgsql-hackers

On 29.02.24 22:25, Heikki Linnakangas wrote:
> Currently, cancel request key is a 32-bit token, which isn't very much
> entropy. If you want to cancel another session's query, you can
> brute-force it. In most environments, an unauthorized cancellation of a
> query isn't very serious, but it nevertheless would be nice to have more
> protection from it. The attached patch makes it longer. It is an
> optional protocol feature, so it's fully backwards-compatible with
> clients that don't support longer keys.

My intuition would be to make this a protocol version bump, not an
optional feature. I think this is something that everyone should
eventually be using, not a niche feature that you explicitly want to
opt in for.

> One complication with this was that because we no longer know how long
> the key should be, 4 bytes or something longer, until the backend has
> performed the protocol negotiation, we cannot generate the key in the
> postmaster before forking the process anymore.

Maybe this would be easier if it's a protocol version number change,
since that is sent earlier than protocol extensions?
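
An added example, not part of the original message and not PostgreSQL source code: in a v3 StartupMessage the protocol version is a fixed field in the 8-byte header, while protocol extensions arrive as `_pq_.`-prefixed parameters in the key/value list that follows, so the server must parse the whole list to learn about them. The sample message is constructed, and `_pq_.example_option` is a hypothetical extension name.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed StartupMessage (42 bytes): Int32 length, Int32 version 3.0,
 * then key\0value\0 pairs and a final \0 (the literal's implicit NUL).
 * "_pq_.example_option" is a hypothetical extension name. */
static const unsigned char SAMPLE_STARTUP[] =
    "\x00\x00\x00\x2a" "\x00\x03\x00\x00"
    "user\0alice\0"
    "_pq_.example_option\0" "1\0";

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* The version sits in the fixed 8-byte header: no parameter parsing needed. */
int startup_version(const unsigned char *buf, size_t n, unsigned *major, unsigned *minor) {
    if (n < 8 || be32(buf) != n) return -1;
    uint32_t v = be32(buf + 4);
    *major = v >> 16;
    *minor = v & 0xffff;
    return 0;
}

/* Extensions are only known after walking every key/value pair. */
int count_pq_options(const unsigned char *buf, size_t n) {
    if (n < 9 || be32(buf) != n || buf[n - 1] != 0) return -1;
    size_t i = 8;
    int found = 0;
    while (buf[i] != 0) {
        const unsigned char *kend = memchr(buf + i, 0, n - i); /* never NULL: buf[n-1] == 0 */
        size_t klen = (size_t)(kend - (buf + i));
        size_t vstart = i + klen + 1;
        if (vstart >= n) return -1;               /* key without a value */
        const unsigned char *vend = memchr(buf + vstart, 0, n - vstart);
        if (klen > 5 && memcmp(buf + i, "_pq_.", 5) == 0) found++;
        i = (size_t)(vend - buf) + 1;
        if (i >= n) return -1;                    /* list terminator missing */
    }
    return found;
}

int main(void) {
    unsigned major, minor;
    if (startup_version(SAMPLE_STARTUP, sizeof SAMPLE_STARTUP, &major, &minor) == 0)
        printf("version %u.%u, %d _pq_ option(s)\n", major, minor,
               count_pq_options(SAMPLE_STARTUP, sizeof SAMPLE_STARTUP));
    return 0;
}
```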
