Re: Replay attack of query cancel

From: Alvaro Herrera
Subject: Re: Replay attack of query cancel
Date:
Msg-id: 20080808191519.GC3800@alvh.no-ip.org
In response to: Replay attack of query cancel ("Heikki Linnakangas" <heikki@enterprisedb.com>)
Responses: Re: Replay attack of query cancel (Tom Lane <tgl@sss.pgh.pa.us>)
Re: Replay attack of query cancel (Magnus Hagander <magnus@hagander.net>)
List: pgsql-hackers
Heikki Linnakangas wrote:

> One idea for fixing this is to make cancellation keys disposable, and
> automatically issue a new one through the main connection when one is
> used, but that's not completely trivial, and requires a change in both
> the clients and the server. Another idea is to send the query cancel
> message only after SSL authentication, but that is impractical for libpq
> because PQcancel needs to be callable from a signal handler.

I wonder if we can do something Diffie-Hellman-ish, where we have a
parameter exchanged in the initial SSL'ed handshake, which is later used
to generate new cancel keys each time the previous one is used.

-- 
Alvaro Herrera                                http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.
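The ratcheting scheme Alvaro sketches, as an added illustration that is not part of this thread or of PostgreSQL's actual cancel protocol: both sides hold a secret that stands in for the parameter agreed during the SSL'ed handshake, cancel key number n is HMAC-SHA256(secret, n), and the server accepts a key exactly once before stepping to the next one, so a captured key replayed later is rejected. The secret, the HMAC construction and the class names are all assumptions of the example.

```python
import hmac
import hashlib
import secrets


class CancelKeyChain:
    """Shared state on client and server (assumed design, not PostgreSQL's).

    The secret is the handshake-derived parameter; cancel key n is
    HMAC-SHA256(secret, n) and is meant to be used exactly once.
    """

    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret
        self.counter = 0

    def current_key(self) -> bytes:
        return hmac.new(self._secret, self.counter.to_bytes(8, "big"),
                        hashlib.sha256).digest()

    def advance(self) -> None:
        self.counter += 1


class Server:
    def __init__(self, shared_secret: bytes):
        self.chain = CancelKeyChain(shared_secret)

    def handle_cancel(self, presented: bytes) -> bool:
        # Constant-time compare against the one currently valid key, then
        # ratchet forward so the same bytes can never be accepted again.
        if hmac.compare_digest(presented, self.chain.current_key()):
            self.chain.advance()
            return True
        return False


class Client:
    def __init__(self, shared_secret: bytes):
        self.chain = CancelKeyChain(shared_secret)
        # Precomputed outside any signal handler, so PQcancel could still
        # send it from one without doing crypto there.
        self.next_key = self.chain.current_key()

    def cancel_request(self) -> bytes:
        key = self.next_key
        self.chain.advance()
        self.next_key = self.chain.current_key()
        return key


def demo() -> tuple:
    secret = secrets.token_bytes(32)          # constructed handshake secret
    client, server = Client(secret), Server(secret)
    first = client.cancel_request()
    accepted = server.handle_cancel(first)    # genuine cancel: accepted
    replayed = server.handle_cancel(first)    # same bytes again: rejected
    second = server.handle_cancel(client.cancel_request())
    return accepted, replayed, second
```

A cancel message that never reaches the server leaves the two counters out of step; a real design would need an acceptance window or a resync over the main connection, which this example does not attempt.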

