On 29.02.24 22:25, Heikki Linnakangas wrote:
> Currently, cancel request key is a 32-bit token, which isn't very much
> entropy. If you want to cancel another session's query, you can
> brute-force it. In most environments, an unauthorized cancellation of a
> query isn't very serious, but it nevertheless would be nice to have more
> protection from it. The attached patch makes it longer. It is an
> optional protocol feature, so it's fully backwards-compatible with
> clients that don't support longer keys.

My intuition would be to make this a protocol version bump, not an
optional feature. I think this is something that everyone should
eventually be using, not a niche feature that you explicitly want to
opt-in for.
> One complication with this was that because we no longer know how long
> the key should be, 4-bytes or something longer, until the backend has
> performed the protocol negotiation, we cannot generate the key in the
> postmaster before forking the process anymore.

Maybe this would be easier if it's a protocol version number change,
since that is sent earlier than protocol extensions?