| From: | "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov> |
|---|---|
| To: | "Magnus Hagander" <magnus(at)hagander(dot)net>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "Gregory Stark" <stark(at)enterprisedb(dot)com>, <pgsql-hackers(at)postgresql(dot)org>, "Andrew Gierth" <andrew(at)tao11(dot)riddles(dot)org(dot)uk> |
| Subject: | Re: Replay attack of query cancel |
| Date: | 2008-08-13 15:11:08 |
| Message-ID: | 48A2B33C.EE98.0025.0@wicourts.gov |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
>>> Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> BTW, should we make all of this conditional on the use of an SSL
> connection? If the original sending of the cancel key isn't secure
> against sniffing, it's hard to see what anyone is buying with all
the
> added computation.
+1
All of our important production work is done with local connections.
If the machine has been compromised to the level that loopback traffic
is being intercepted, these protections won't help.
-Kevin
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2008-08-13 15:17:58 | Re: Transaction-controlled robustness for replication |
| Previous Message | Bruce Momjian | 2008-08-13 15:03:19 | Re: Uncopied parameters on CREATE TABLE LIKE |