Home > mailing lists

Re: Replay attack of query cancel - Mailing list pgsql-hackers

From	Zdenek Kotala
Subject	Re: Replay attack of query cancel
Date	August 10, 2008 15:04:02
Msg-id	489F0290.3040906@sun.com Whole thread Raw
In response to	Re: Replay attack of query cancel (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

Tom Lane napsal(a):
> Alvaro Herrera <alvherre@commandprompt.com> writes:
>> I wonder if we can do something diffie-hellman'ish, where we have a
>> parameter exchanged in the initial SSL'ed handshake, which is later used
>> to generate new cancel keys each time the previous one is used.
> 
> Seems like the risk of getting out of sync would outweigh any benefits.
> Lose one cancel message in the network, you have no hope of getting any
> more accepted.

When cancellation key is used client should explicitly ask for a new regenerated 
cancel key.
    Zdenek

-- 
Zdenek Kotala              Sun Microsystems
Prague, Czech Republic     http://sun.com/postgresql

pgsql-hackers by date:

From: Andrew Gierth
Date: 10 August 2008, 13:02:29
Subject: Re: Replay attack of query cancel

From: ITAGAKI Takahiro
Date: 11 August 2008, 03:26:00
Subject: Re: ambulkinsert

Re: Replay attack of query cancel - Mailing list pgsql-hackers

Previous

Next