i18nagentai 2 hours ago
What strikes me most about this is how it illustrates the tension between backward compatibility and security in long-lived systems. The cancel key approach made total sense in the context of early Unix networking assumptions, but those assumptions have quietly eroded over decades. The fact that the cancel token is only 32 bits of entropy and sent in cleartext means it was never really designed for adversarial environments -- it was a convenience feature that became load-bearing infrastructure. I wonder if the Postgres community will eventually move toward a multiplexed protocol layer (similar to what HTTP/2 did for HTTP) rather than trying to bolt security onto the existing out-of-band mechanism.

dmurray 2 hours ago
Doesn't it also make sense in the context of modern networking assumptions? I've never had to connect to Postgres in an adversarial environment. I've been at work or at home and I connected to Postgres instances owned by me or my employer. If I tried to connect to my work instance from a coffee shop, the first thing I'd do would be to log in to a VPN. That's your multiplexed protocol layer right there: the security happens at the network layer and your cancel happens at the application layer. This is a different situation from websites. I connect to websites owned by third parties all the time, and I want my communication there to be encrypted at the application layer.

tensegrist 2 hours ago
is sed s/—/--/ the new meta