Re: Replay attack of query cancel
| От | Andrew Gierth |
|---|---|
| Тема | Re: Replay attack of query cancel |
| Дата | |
| Msg-id | 87r68o5qfl.fsf@news-spur.riddles.org.uk обсуждение исходный текст |
| Ответ на | Re: Replay attack of query cancel (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
>>>>> "Tom" == Tom Lane <tgl@sss.pgh.pa.us> writes: >> Andrew Gierth wrote:>>> 2. The server accepts either the old-style or the secure cancel>>> request from the client, butdoesn't allow old-style requests>>> once a valid secure request has been seen. >> Hmm, I think there should be a way to turn off acceptance of>> old-style without necessarily requiring a new-style request.>>Otherwise, how are you protected from DoS if you have never sent a>> cancel request at all? Tom> Assuming you were using SSL, it's hard to see how an attacker isTom> going to get your cancel key without having seena cancelTom> request. Tom> However, I dislike Andrew's proposal above even without thatTom> issue, because it means *still more* changeable statethat hasTom> to be magically shared between postmaster and backends. You get it for free; initialize N on the server side to 0, and accept old-style cancels only if it is still 0. (Require the first secure cancel to have N > 0) -- Andrew.
В списке pgsql-hackers по дате отправления: