Обсуждение: [MASSMAIL]how to check if the license is expired.

On 2024-03-30 09:23:15 -0400, Ron Johnson wrote:
> On Sat, Mar 30, 2024 at 9:15 AM 黄宁 <huangning0722@gmail.com> wrote:
>
>     I want to develop a postgresql paid extension, then there is a local
>     license file, how do I check if the license file is expired, check it once
>     at each api execution, will that affect the performance of the api, is
>     there any other way?
>
>
> What you're really asking is "how do I read a file from an extension?".
>  

We often chide users for falling into the "XY problem"[1] trap, so think
it's nice that 黄宁 asks about the bigger picture.

I can't help with the extension (never wrote one), but a few thoughts:

Basically I see three ways to get at the license information:

* from a file (as mentioned)
* from a database table
* over the network (e.g. from a license server)

On my (not very fast) laptop I can open and read a small text file in
about 25 µs. Selecting one row from a small database table takes about 100
µs, which is quite a bit slower but I tested that from an external
process. A stored procedure would be faster than that and possibly even
faster than the file access. A query over the network is unlikely to be
faster.

Plus of course you need to check the contents, which likely involves
some cryptographic operation. Checking a 2048 bit RSA signature takes
about 30 µs on my laptop, most other algorithms are slower (unless you
go with a simple HMAC which wouldn't be secure).

So realistically we are somewhere in the 50 to 200 µs range.

Is this an acceptable performance penalty per API call? If not, is it
really necessary to check this on every call? Maybe it can be done just
once per session or once per hour.

        hp


[1] You have problem X and think that Y is part of the solution. So you
    ask how to achieve Y. However, Z would be better than Y for solving
    X, but nobody can tell you because they don't know about X.

--
   _  | Peter J. Holzer    | Story must make more sense than reality.
|_|_) |                    |
| |   | hjp@hjp.at         |    -- Charles Stross, "Creative writing
__/   | http://www.hjp.at/ |       challenge!"

> On Mar 31, 2024, at 09:59, Peter J. Holzer <hjp-pgsql@hjp.at> wrote:
> Is this an acceptable performance penalty per API call? If not, is it
> really necessary to check this on every call? Maybe it can be done just
> once per session or once per hour.

It's probably not required to check it every API call.  Two places come to mind:

_PG_init -- Although I don't know the possibility or wisdom of reading from a file there.
shmem_startup_hook -- It's definitely OK to read from a file there.

Remember that you have the full ability to crash PostgreSQL in an extension, so it really needs to be bulletproof.  You
don'twant the shared library to fail to load if the license isn't valid.  Instead: 

-- If the functionality is exposed as functions, return an error when one of those functions is used, if the extension
isnot licensed. 
-- If the functionality modifies PostgreSQL behavior, disable that modification.

If you are validating the license via a network call... I would counsel against having a network call as part of
PostgreSQL'sstartup process.  It might work to make the call on-demand the first time the extension is used, and the
resultstored locally, although I would limit that to function calls rather than, say, a hook into the planner. 

You also need to decide exactly how you want to distribute this extension.  Most PostgreSQL extensions are supplied as
sourceand built against PostgreSQL.