>
> Bruce Momjian <maillist@candle.pha.pa.us> writes:
> >> However, if they are already snooping, how much harder
> >> is it for them to insert their own query into the tcp stream?
>
> > Can someone answer this for me?
>
> Well, that depends entirely on what your threat model is --- for
> example, someone with read access on /dev/kmem on a relay machine
> might be able to watch packets going by, yet not be able to inject
> more. On the other hand, someone with root privileges on another
> machine on your local LAN could likely do both.
>
> My guess is that most of the plausible cases that allow one also
> allow the other. But it's only a guess.
>
Oh, yes, one more thing. When generating the cancel key, We will have
to call random twice and return part of each so users will not see our
current random values.
When I remove the exec(), people will be able to call random() in the
backend to see the random value. May need to reset the seed on
backend startup.
--
Bruce Momjian | 830 Blythe Avenue
maillist@candle.pha.pa.us | Drexel Hill, Pennsylvania 19026
+ If your life is a hard drive, | (610) 353-9879(w)
+ Christ can be your backup. | (610) 853-3000(h)