| From: | Oliver Jowett <oliver(at)opencloud(dot)com> |
|---|---|
| To: | David Garamond <lists(at)zara(dot)6(dot)isreserved(dot)com> |
| Cc: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Two-phase commit security restrictions |
| Date: | 2004-10-14 03:14:06 |
| Message-ID: | 416DEEFE.9040802@opencloud.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
David Garamond wrote:
> Oliver Jowett wrote:
>
>> Heikki Linnakangas wrote:
>>
>>> Another approach I've been thinking about is to allow anyone that
>>> knows the (user-supplied) global transaction identifier to finish the
>>> transaction, and hide the gids of running transactions from regular
>>> users. That way, the gid acts as a secret token that's only known by
>>> the transaction manager, much like the cancel key.
>>
>>
>> Doesn't this break recovery? The TM needs to find all outstanding GIDs
>> for a particular resource.
>
>
> Isn't it the TM's job to remember all the outstanding GIDs?
At a minimum it has to know how to contact all resources that might be
involved in in-doubt transactions. Whether it also knows all the GIDs
seems to depend somewhat on the TM's transaction log implementation
(e.g. it may not be logging start-of-prepare).
My concern was more along the lines of how to implement Java's
XAResource interface, which has 'Xid[] XAResource.recover(int flags)'
i.e. the TM does not request recovery for specific transactions, it
requests recovery for a whole resource. I think this is just a mapping
of how the underlying XA system works, so presumably it'll be a problem
for other XA-based APIs too.
-O
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Stark | 2004-10-14 03:52:27 | Re: First set of OSDL Shared Mem scalability results, some |
| Previous Message | David Garamond | 2004-10-14 02:45:31 | Re: Two-phase commit security restrictions |