| From: | Oliver Jowett <oliver(at)opencloud(dot)com> |
|---|---|
| To: | David Garamond <lists(at)zara(dot)6(dot)isreserved(dot)com> |
| Cc: | Alvaro Herrera <alvherre(at)dcc(dot)uchile(dot)cl>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Two-phase commit security restrictions |
| Date: | 2004-10-14 05:21:23 |
| Message-ID: | 416E0CD3.1030104@opencloud.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
David Garamond wrote:
>> So it is possible for a user connected to the DB to send random commit
>> or cancel commands, just in case she happens to hit a valid GID?
>
>
> It is not essentially different from someone trying to bruteforce a
> password. A 128bit value like a random GUID is as strong as a 16 char
> password comprising ASCII 0-255 characters. And I would argue that this
> is _not_ security through obscurity. Security through obscurity is
> relying on unpublished methods/algorithms. This is not.
You have no guarantees that GIDs generated by an external transaction
manager are random. An obvious implementation is TM-identity plus
sequence number, which is very predictable.
-O
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paesold | 2004-10-14 06:17:41 | Re: Why we still see some reports of "could not access transaction status" |
| Previous Message | David Garamond | 2004-10-14 05:00:34 | Re: Two-phase commit security restrictions |