Re: pg_hba.conf && ident ...

On Wed, 10 May 2000, Jan Wieck wrote:

> Tom Lane wrote:
> > Bingo.  All your cores show the thing waiting inside the ident code:
> >
> > [...]
> >
> > Looking at the code, there doesn't seem to be any defense against a
> > broken ident server --- there is no timeout or anything being used here!
> > Ugh.  Has it always been like this?
> >
> > Anyway, I think the immediate fix for you is to stop using ident auth
> > for that host, at least till we can improve this code...
> 
>     Looks  like  the  entire  communication  with a new client is
>     handled  in   a   nonblocking   manner   via   select(2)   in
>     ServerLoop().  I think the ident lookup belongs to there too,
>     and this improvement isn't something for  a  quick  hack.  It
>     takes a little longer to be well tested.
> 
>     Let's try it for 7.0.1 or 7.0.2. Clearly is a bugfix IMHO.
> 
>     Also  we  might  think about using some kind of timeout after
>     which a new connection should either get rejected or succeeds
>     in  backend  start.  Just  to  prevent  a  bogus  client from
>     creating a forever dangling connection.

Cool, our first DOS :)