Re: Replay attack of query cancel
From | Alvaro Herrera |
---|---|
Subject | Re: Replay attack of query cancel |
Date | |
Msg-id | 20080808191519.GC3800@alvh.no-ip.org |
In reply to | Replay attack of query cancel ("Heikki Linnakangas" <heikki@enterprisedb.com>) |
Responses |
Re: Replay attack of query cancel
Re: Replay attack of query cancel |
List | pgsql-hackers |

Heikki Linnakangas wrote:

> One idea for fixing this is to make cancellation keys disposable, and
> automatically issue a new one through the main connection when one is
> used, but that's not completely trivial, and requires a change in both
> the clients and the server. Another idea is to send the query cancel
> message only after SSL authentication, but that is impractical for libpq
> because PQcancel needs to be callable from a signal handler.

I wonder if we can do something Diffie-Hellman'ish, where we have a
parameter exchanged in the initial SSL'ed handshake, which is later used
to generate new cancel keys each time the previous one is used.

--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.
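
An added example, not part of the message above and not PostgreSQL or libpq code: a sketch of single-use cancel keys derived from a value shared over the encrypted connection, showing why a captured cancel packet cannot be replayed. It substitutes a plain shared seed and HMAC-SHA256 for a Diffie-Hellman-style exchange; the seed, the 28-byte packet layout and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct


def cancel_token(seed: bytes, pid: int, counter: int) -> bytes:
    """Token for the counter-th cancel request of backend `pid` (hypothetical scheme)."""
    msg = struct.pack("!IQ", pid, counter)
    return hmac.new(seed, msg, hashlib.sha256).digest()[:16]


class ClientSession:
    """Client side: holds the seed received over the encrypted connection."""

    def __init__(self, seed: bytes, pid: int):
        self.seed, self.pid, self.counter = seed, pid, 0
        self._precompute()

    def _precompute(self) -> None:
        token = cancel_token(self.seed, self.pid, self.counter)
        self.next_packet = struct.pack("!IQ", self.pid, self.counter) + token

    def cancel_packet(self) -> bytes:
        # Signal-handler path: returns bytes that already exist, computes nothing.
        return self.next_packet

    def rotate(self) -> None:
        # Called from normal code after a cancel was sent: derive the next key.
        self.counter += 1
        self._precompute()


class ServerSession:
    """Server side: accepts each counter value at most once."""

    def __init__(self, seed: bytes, pid: int):
        self.seed, self.pid, self.min_counter = seed, pid, 0

    def handle_cancel(self, packet: bytes) -> bool:
        if len(packet) != 28:  # 4-byte pid + 8-byte counter + 16-byte token
            return False
        pid, counter = struct.unpack("!IQ", packet[:12])
        expected = cancel_token(self.seed, pid, counter)
        if pid != self.pid or not hmac.compare_digest(packet[12:], expected):
            return False  # forged or corrupted packet
        if counter < self.min_counter:
            return False  # key already used or superseded: replay
        self.min_counter = counter + 1  # skipping ahead tolerates lost packets
        return True
```

Because the counter travels in the packet and the server only moves forward, a cancel request lost in transit does not desynchronise the two sides, while any packet an eavesdropper saw on the unencrypted cancel connection is already spent.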