Home > mailing lists

Re: Don't use the deprecated and insecure PQcancel in our frontend tools anymore - Mailing list pgsql-hackers

From	Jelte Fennema-Nio
Subject	Re: Don't use the deprecated and insecure PQcancel in our frontend tools anymore
Date	February 8 22:05:57
Msg-id	DG9TD0OX13DP.2JAB9LIS2HTLO@jeltef.nl Whole thread Raw
In response to	Don't use the deprecated and insecure PQcancel in our frontend tools anymore ("Jelte Fennema-Nio" <postgres@jeltef.nl>)
List	pgsql-hackers

Tree view

On Sun Dec 14, 2025 at 3:40 PM CET, Jelte Fennema-Nio wrote:
> A bunch of frontend tools, including psql, still used PQcancel to send
> cancel requests to the server. That function is insecure, because it
> does not use encryption to send the cancel request. This starts using
> the new cancellation APIs (introduced in 61461a300) for all these
> frontend tools.

Small update. Split up the fe_utils and pg_dump changes into separate
commits, to make patches easier to review. Also use non-blocking writes
to the self-pipe from the signal handler to avoid potential deadlocks
(extremely unlikely for such blocks to occur, but better safe than sorry).

Attachment

pgsql-hackers by date:

From: Andres Freund
Date: 08 February, 21:38:42
Subject: Re: Buffer locking is special (hints, checksums, AIO writes)

From: "Jelte Fennema-Nio"
Date: 08 February, 23:27:08
Subject: Re: Correct documentation for protocol version

Re: Don't use the deprecated and insecure PQcancel in our frontend tools anymore - Mailing list pgsql-hackers

Attachment

Previous

Next