| From: | Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> |
|---|---|
| To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
| Cc: | Jacob Burroughs <jburroughs(at)instructure(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: libpq compression (part 3) |
| Date: | 2024-05-17 23:02:59 |
| Message-ID: | CAGECzQQ4iQ=bhtC4E_rVs6XYAgQMzcjvUr-rGRdKPkGT0VKqgA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, 17 May 2024 at 23:10, Jacob Champion
<jacob(dot)champion(at)enterprisedb(dot)com> wrote:
> We're talking about a transport-level option, though -- I thought the
> proposal enabled compression before authentication completed? Or has
> that changed?
I think it would make sense to only compress messages after
authentication has completed. The gain of compressing authentication
related packets seems pretty limited.
> (I'm suspicious of arguments that begin "well you can already do bad
> things"
Once logged in it's really easy to max out a core of the backend
you're connected as. There's many trivial queries you can use to do
that. An example would be:
SELECT sum(i) from generate_series(1, 1000000000) i;
So I don't think it makes sense to worry about an attacker using a
high compression level as a means to DoS the server. Sending a few of
the above queries seems much easier.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Munro | 2024-05-17 23:30:35 | Re: Streaming read-ready sequential scan code |
| Previous Message | Jelte Fennema-Nio | 2024-05-17 22:54:03 | Re: libpq compression (part 3) |