| From: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Greg Stark <gsstark(at)mit(dot)edu>, Zeugswetter Andreas DCP SD <ZeugswetterA(at)spardat(dot)at>, Dave Page <dpage(at)vale-housing(dot)co(dot)uk>, pgsql-hackers(at)postgresql(dot)org, Hiroshi Inoue <inoue(at)tpf(dot)co(dot)jp> |
| Subject: | Re: Practical impediment to supporting multiple SSL libraries |
| Date: | 2006-04-14 17:50:50 |
| Message-ID: | 20060414175050.GG5676@svana.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Apr 14, 2006 at 01:05:11PM -0400, Tom Lane wrote:
> Martijn van Oosterhout <kleptog(at)svana(dot)org> writes:
> > Perhaps a far easier approach would be to indeed just have a hijack
> > interface that provides read/write over whatever protocol libpq
> > negotiated.
>
> Well, there's a precedent to look at: the original implementation of
> COPY mode was pretty nearly exactly that. And it sucked, and eventually
> we changed it. So I'd be pretty leery of repeating the experience...
As I remember, the main issue was with the loss of control over the
error state and recovering if stuff went wrong. In this case, once
someone hijacks a connection they can't hand it back. It only option is
to close.
It was just thinking of providing pointers to pqsecure_read/write and
maybe a few other things, but that's it.
Or was there something else?
Have a nice day,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> tool for doing 5% of the work and then sitting around waiting for someone
> else to do the other 95% so you can sue them.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Stark | 2006-04-14 18:27:25 | Re: Practical impediment to supporting multiple SSL libraries |
| Previous Message | Tom Lane | 2006-04-14 17:17:46 | Re: two-argument aggregates and SQL 2003 |