Home > mailing lists

Re: [HACKERS] Client Connection redirection support for PostgreSQL - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: [HACKERS] Client Connection redirection support for PostgreSQL
Date	February 14, 2018 04:23:21
Msg-id	8435.1518560601@sss.pgh.pa.us Whole thread Raw
In response to	Re: [HACKERS] Client Connection redirection support for PostgreSQL (Robert Haas <robertmhaas@gmail.com>)
Responses	Re: [HACKERS] Client Connection redirection support for PostgreSQL (Robert Haas <robertmhaas@gmail.com>)
List	pgsql-hackers

Tree view

Robert Haas <robertmhaas@gmail.com> writes:
> -- might need some defense against the redirected-to server getting
> the same password as was sent to the original server.  Is that a
> security risk?  Does HTTP have a rule about this?

Without having read any of the previous discussion ... I'd say that if the
redirect info is placed in pg_hba.conf then I would expect a redirect to
happen before any authentication exchange, so that this is not an issue.
Perhaps it would be a good security measure for clients to refuse a
redirect once they've sent any auth-related messages.

But ... pg_hba.conf?  Really?  Surely that is a completely random and
inappropriate place to control redirection?

            regards, tom lane

pgsql-hackers by date:

From: Patrick Krecker
Date: 14 February 2018, 03:44:34
Subject: TODO item: WAL replay of CREATE TABLESPACE with differing directory structure

From: Andres Freund
Date: 14 February 2018, 05:01:55
Subject: Re: Add more information_schema columns

Re: [HACKERS] Client Connection redirection support for PostgreSQL - Mailing list pgsql-hackers

Previous

Next