>>>>> "Tom" == Tom Lane <tgl@sss.pgh.pa.us> writes:
>> Andrew Gierth wrote:>>> 2. The server accepts either the old-style or the secure cancel>>> request from the client,
butdoesn't allow old-style requests>>> once a valid secure request has been seen.
>> Hmm, I think there should be a way to turn off acceptance of>> old-style without necessarily requiring a new-style
request.>>Otherwise, how are you protected from DoS if you have never sent a>> cancel request at all?
Tom> Assuming you were using SSL, it's hard to see how an attacker isTom> going to get your cancel key without having
seena cancelTom> request.
Tom> However, I dislike Andrew's proposal above even without thatTom> issue, because it means *still more* changeable
statethat hasTom> to be magically shared between postmaster and backends.
You get it for free; initialize N on the server side to 0, and accept
old-style cancels only if it is still 0. (Require the first secure
cancel to have N > 0)
--
Andrew.
