Re: Adding Rendezvous support to postmaster - Mailing list pgsql-patches

From Peter Bierman
Subject Re: Adding Rendezvous support to postmaster
Date
Msg-id a05210207bafae720684f@[17.202.21.231]
In response to Re: Adding Rendezvous support to postmaster  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-patches
At 2:30 AM -0400 5/26/03, Tom Lane wrote:
>Bruce Momjian <pgman@candle.pha.pa.us> writes:
>>  I will apply this patch soon,
>
>>  Chris Campbell wrote:
>>>  This allows client programs running on computers that are on the same
>>>  link-local network as the postgresql server to automatically find the
>>>  server's IP address and port number. This adds great ease-of-use for
>>>  end users.
>
>Are there any security issues that we should be worrying about here?

Rendezvous is only a service discovery protocol. There are no
security issues beyond those inherent in making the postmaster
service available at all. Think nmap, simplified.

There could be security implications for clients that connect via the
Rendezvous name and use no other authentication to verify that they
are talking to the server they expect. These risks are similar to the
risks posed by DNS spoofing for example.


>>>  Rendezvous also has the notion of a service type string. It's a bit
>>>  like a domain name: I suggest we use "_pgsql._tcp." (another example
>>>  would be "_ftp._tcp.").
>
>Is there some central authority that we need to register this name
>with?

No, but using the IANA service registration "postgresql" would
probably be the best choice.


PS: It'd be nice to have a corresponding patch for psql that offered
a menu of available postmasters.

-pmb
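
An added example, not part of the original message or of the patch under discussion: a client-side check that treats a discovered record only as a hint for where to connect and takes the server's identity from local configuration. The record layout, the `TRUSTED` and `LOCAL_NETS` tables, the names and the paths are assumptions made for illustration; `host`, `hostaddr`, `port`, `sslmode` and `sslrootcert` are standard libpq connection parameters.

```python
import ipaddress

# Constructed sample of browse results. Any host on the link can answer a
# multicast query, so every field here is untrusted input.
DISCOVERED = [
    {"instance": "Accounting DB", "addr": "169.254.10.7", "port": 5432},
    {"instance": "Accounting DB", "addr": "198.51.100.9", "port": 5432},
    {"instance": "Unknown DB", "addr": "169.254.10.8", "port": 5432},
]

# Hypothetical trust table, provisioned out of band and never learned from
# discovery: advertised instance name -> (name expected in the server
# certificate, CA file that must have issued it).
TRUSTED = {
    "Accounting DB": ("db.accounting.example", "/etc/pgclient/accounting-ca.pem"),
}

# Hypothetical list of networks this client considers on-link.
LOCAL_NETS = [ipaddress.ip_network("169.254.0.0/16"),
              ipaddress.ip_network("192.168.1.0/24")]


def conninfo_for(record, trusted=TRUSTED, local_nets=LOCAL_NETS):
    """Return a libpq conninfo string that authenticates the server,
    or None when the discovered record should not be used."""
    pin = trusted.get(record.get("instance"))
    if pin is None:
        return None  # no pre-shared identity for this name: do not connect
    try:
        addr = ipaddress.ip_address(record.get("addr", ""))
    except ValueError:
        return None
    # Sanity check only; the real protection is the TLS verification below.
    if not any(addr in net for net in local_nets):
        return None
    port = record.get("port")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        return None
    cert_name, ca_file = pin
    # hostaddr is where to connect (from discovery); host is the name the
    # certificate must match (from local config), enforced by verify-full.
    return (f"host={cert_name} hostaddr={addr} port={port} "
            f"sslmode=verify-full sslrootcert={ca_file}")


if __name__ == "__main__":
    for rec in DISCOVERED:
        print(rec["instance"], rec["addr"], "->", conninfo_for(rec))
```

A spoofed responder that advertises a trusted instance name from an on-link address still fails the TLS handshake unless it holds a certificate for the pinned name issued by the pinned CA.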
