Re: POC: Carefully exposing information without authentication
От | Antonin Houska |
---|---|
Тема | Re: POC: Carefully exposing information without authentication |
Дата | |
Msg-id | 21076.1748617331@localhost обсуждение исходный текст |
Ответы |
Re: POC: Carefully exposing information without authentication
|
Список | pgsql-hackers |
Greg Sabino Mullane <htamfids@gmail.com> wrote: > Proposal: Allow a carefully curated selection of information to be shown without authentication. > > A common task for an HA system or a load balancer is to quickly determine which of your Postgres clusters is the primary,and which are the > replicas. The canonical way to do this is to log in to each server with a valid username and password, and then run pg_is_in_recovery(). > That's a lot of work to determine if a server is a replica or not, and it struck me that this true/false information abouta running cluster is not > super-sensitive information. In other words, would it really be wrong if there was a way to advertise that informationwithout having to log in? > I toyed with the idea of Postgres maintaining some sort of signal file, but then I realized that we already have a process,listening on a known > port, that has that information available to us. > > Thus, this POC (proof of concept), which lets the postmaster scan for incoming requests and quickly handle them *before*doing forking and > authenticating. We scan for a simple trigger string, and immediately return the information to the client. Why is it important not to fork? My understanding is that pg_is_ready also tries to start a regular connection, i.e. forks a new backend. I think this functionality would fit into libpq. (I've got no strong opinion on the amount of information to be revealed this way. In any case, a GUC to enable the feature only if the DBA wants it makes sense.) -- Antonin Houska Web: https://www.cybertec-postgresql.com
В списке pgsql-hackers по дате отправления: