On Fri, Mar 1, 2024 at 03:19:23PM +0100, Peter Eisentraut wrote: > On 29.02.24 22:25, Heikki Linnakangas wrote: > > Currently, cancel request key is a 32-bit token, which isn't very much > > entropy. If you want to cancel another session's query, you can > > brute-force it. In most environments, an unauthorized cancellation of a > > query isn't very serious, but it nevertheless would be nice to have more > > protection from it. The attached patch makes it longer. It is an > > optional protocol feature, so it's fully backwards-compatible with > > clients that don't support longer keys. > > My intuition would be to make this a protocol version bump, not an optional > feature. I think this is something that everyone should eventually be > using, not a niche feature that you explicitly want to opt-in for.
Agreed. -- Bruce Momjian <br...@momjian.us> https://momjian.us EDB https://enterprisedb.com Only you can decide what is important to you.
