Re: POC: Carefully exposing information without authentication

Greg Sabino Mullane <htamfids@gmail.com> wrote:

> Proposal: Allow a carefully curated selection of information to be shown without authentication.
>
> A common task for an HA system or a load balancer is to quickly determine which of your Postgres clusters is the
primary,and which are the 
> replicas. The canonical way to do this is to log in to each server with a valid username and password, and then run
pg_is_in_recovery().
> That's a lot of work to determine if a server is a replica or not, and it struck me that this true/false information
abouta running cluster is not 
> super-sensitive information. In other words, would it really be wrong if there was a way to advertise that
informationwithout having to log in? 
> I toyed with the idea of Postgres maintaining some sort of signal file, but then I realized that we already have a
process,listening on a known 
> port, that has that information available to us.
>
> Thus, this POC (proof of concept), which lets the postmaster scan for incoming requests and quickly handle them
*before*doing forking and 
> authenticating. We scan for a simple trigger string, and immediately return the information to the client.

Why is it important not to fork?  My understanding is that pg_is_ready also
tries to start a regular connection, i.e. forks a new backend. I think this
functionality would fit into libpq. (I've got no strong opinion on the amount
of information to be revealed this way. In any case, a GUC to enable the
feature only if the DBA wants it makes sense.)

--
Antonin Houska
Web: https://www.cybertec-postgresql.com