Tom Lane napsal(a):
> Alvaro Herrera <alvherre@commandprompt.com> writes:
>> I wonder if we can do something diffie-hellman'ish, where we have a
>> parameter exchanged in the initial SSL'ed handshake, which is later used
>> to generate new cancel keys each time the previous one is used.
>
> Seems like the risk of getting out of sync would outweigh any benefits.
> Lose one cancel message in the network, you have no hope of getting any
> more accepted.
When cancellation key is used client should explicitly ask for a new regenerated
cancel key.
Zdenek
--
Zdenek Kotala Sun Microsystems
Prague, Czech Republic http://sun.com/postgresql