Re: [HACKERS] Built-in plugin for logical decoding output

2017-09-26 Thread Henry
k you, Henry On Tue, Sep 26, 2017 at 9:37 AM Alvaro Hernandez wrote: > > > On 26/09/17 17:50, Craig Ringer wrote: > > On 26 September 2017 at 22:14, Magnus Hagander > wrote: > >> >> >> On Tue, Sep 26, 2017 at 2:16 PM, Alvaro Hernandez wrote: >> >>

Re: [HACKERS] [RFC] What would be difficult to make data models pluggable for making PostgreSQL a multi-model database?

2017-09-13 Thread Henry
if there are any rough design/plans for this... https://wiki.postgresql.org/wiki/Fujitsu_roadmap#Multi-model_database - *graph: Natively support graph data model. Implement Cypher and/or Gremlin as the query language through UDFs.* Thank you, Henry On Sun, Sep 3, 2017 at 1:14 PM MauMau

Re: [HACKERS] [RFC] What would be difficult to make data models pluggable for making PostgreSQL a multi-model database?

2017-08-25 Thread Henry M
This may be interesting... they implement cypher (unfortunately they had to fork in order to have cypher be a first class query language with SQL). https://github.com/bitnine-oss/agensgraph On Mon, Aug 21, 2017 at 12:44 AM Chris Travers wrote: > On Sun, Aug 20, 2017 at 4:10 AM, MauMau wrote:

Re: [HACKERS] SSL renegotiation

2015-02-23 Thread Henry B Hotz
Renegotiation should be a best practice. Trouble is it's been broken (at the protocol level) three times in the last few years so it's a massive hole in practice. Ideally we should leave the renegotiate in, and only remove it if configure detects a broken version of TLS. Personal email. hbh..

Re: [HACKERS] reducing our reliance on MD5

2015-02-14 Thread Henry B (Hank) Hotz, CISSP
SASL was done by many of the same people who did GSSAPI. Its main practical advantages are that it supports password-based mechanisms (in addition to GSSAPI/krb5), and that it's more explicitly pluggable than GSSAPI is. The password mechanism is simple enough that it's frequently implemented

Re: [HACKERS] Plans for 8.4

2008-07-31 Thread Henry B. Hotz
On Jul 31, 2008, at 7:58 AM, Magnus Hagander wrote: Stephen Frost wrote: * Henry B. Hotz ([EMAIL PROTECTED]) wrote: I'm making no promises, but what would people think of a hostgss hba option? As described, sounds like a win to me. It'd be very nice to be able to just

Re: [HACKERS] Plans for 8.4

2008-07-30 Thread Henry B. Hotz
What's the time frame for 8.4? I'm making no promises, but what would people think of a hostgss hba option? Using it would imply the gssapi/sspi authentication option. It would be mutually exclusive of the ssl link-encryption option. It would support strong encryption of the whole conne

Re: [HACKERS] 8.3 GSS Issues

2007-10-27 Thread Henry B. Hotz
On Oct 27, 2007, at 1:36 AM, Magnus Hagander wrote: If this isn't fixed then PG will never be a supported infrastructure service at JPL the way MySQL currently is. I had hoped to use the GSSAPI support as a feature to pry some people away from MySQL, but without the ability to integrate into a

Re: [HACKERS] 8.3 GSS Issues

2007-10-26 Thread Henry B. Hotz
On Oct 26, 2007, at 12:56 AM, Magnus Hagander wrote: On Thu, Oct 25, 2007 at 05:39:37PM -0700, Henry B. Hotz wrote: On Oct 25, 2007, at 3:27 PM, Stephen Frost wrote: * Henry B. Hotz ([EMAIL PROTECTED]) wrote: What you're asking for is basically a krb_match_realm parameter, or

Re: [HACKERS] 8.3 GSS Issues

2007-10-25 Thread Henry B. Hotz
On Oct 25, 2007, at 3:27 PM, Stephen Frost wrote: * Henry B. Hotz ([EMAIL PROTECTED]) wrote: What the krb5 method does is IMO a documented bug. The realm name is part of the name. As I explained at some length you cannot assume the username (first component of the principal) has any

Re: [HACKERS] 8.3 GSS Issues

2007-10-25 Thread Henry B. Hotz
On Oct 25, 2007, at 1:47 AM, Magnus Hagander wrote: On Fri, Oct 19, 2007 at 04:51:04PM -0700, Henry B. Hotz wrote: I know I haven't been very active for a while here, but I just got to testing the October 3 version a bit prior to getting back to the Java GSS client stuff I promised.

Re: [HACKERS] 8.3 GSS Issues

2007-10-25 Thread Henry B. Hotz
On Oct 25, 2007, at 10:22 AM, Tom Lane wrote: Magnus Hagander <[EMAIL PROTECTED]> writes: On Fri, Oct 19, 2007 at 04:51:04PM -0700, Henry B. Hotz wrote: There's no way to specify the gssapi library to use. I have three on my main development Sun: MIT, Sun, and Heimdal. I migh

[HACKERS] 8.3 GSS Issues

2007-10-19 Thread Henry B. Hotz
I know I haven't been very active for a while here, but I just got to testing the October 3 version a bit prior to getting back to the Java GSS client stuff I promised. There seem to be some funny things there. The only serious issue is that the server doesn't require the realm name to mat

Re: [HACKERS] GSSAPI patch

2007-07-10 Thread Henry B. Hotz
mentations (there could be of course, but the standard defines the protocol), but I'm sure headers and libraries could be in different places and have different names. Actually testing the authentication itself is of course a bonus :-) I've only tested it against Active Directory

Re: [HACKERS] Fwd: [PATCHES] Preliminary GSSAPI Patches

2007-05-02 Thread Henry B. Hotz
On May 2, 2007, at 3:11 AM, Magnus Hagander wrote: As to the question of GSSAPI vs SSL, I would never argue we don't want both. Part of what made the GSSAPI encryption mods difficult was my intent to insert them "above" the SSL encryption/buffering layer. That way you could double-encrypt the

Re: [HACKERS] Fwd: [PATCHES] Preliminary GSSAPI Patches

2007-05-01 Thread Henry B. Hotz
On May 1, 2007, at 3:11 PM, Magnus Hagander wrote: Also, last I checked OpenSSL didn't ship with Windows and Kerberos encryption did. How long ago did you check? I've been using OpenSSL on windows for many years. Actually, it was supported just fine on Windows back when it was added to Pos

Re: [HACKERS] Fwd: [PATCHES] Preliminary GSSAPI Patches

2007-05-01 Thread Henry B. Hotz
On May 1, 2007, at 1:32 PM, Tom Lane wrote: Stefan Kaltenbrunner <[EMAIL PROTECTED]> writes: Josh Berkus wrote: For now, yes. In the long run, we want to provide users with other methods of encrypted connections than the rather flaky and not-available-on-every-platform OpenSSL. I'm curi

Re: [HACKERS] Fwd: [PATCHES] Preliminary GSSAPI Patches

2007-05-01 Thread Henry B. Hotz
On May 1, 2007, at 2:30 PM, Magnus Hagander wrote: Henry B. Hotz wrote: On May 1, 2007, at 1:33 PM, Tom Lane wrote: Magnus Hagander <[EMAIL PROTECTED]> writes: I would call them "gss" and "gss-sec". Or possibly "gss-enc". I think that's a lot m

Re: [HACKERS] Fwd: [PATCHES] Preliminary GSSAPI Patches

2007-05-01 Thread Henry B. Hotz
On May 1, 2007, at 1:33 PM, Tom Lane wrote: Magnus Hagander <[EMAIL PROTECTED]> writes: I would call them "gss" and "gss-sec". Or possibly "gss-enc". I think that's a lot more clear than "gss-np" (something ending with -sec is a giveaway) +1 If we settle on gss-np and gss-sec is that a

Re: [HACKERS] Fwd: [PATCHES] Preliminary GSSAPI Patches

2007-05-01 Thread Henry B. Hotz
On May 1, 2007, at 1:16 AM, Magnus Hagander wrote: Henry B. Hotz wrote: OK, so posted. ;-) Would you like a new version of the patch with the incomplete functionality commented out (or otherwise removed)? Yes please :-) I was going to try to do one of those myself, but since you

Re: [HACKERS] Fwd: [PATCHES] Preliminary GSSAPI Patches

2007-04-30 Thread Henry B. Hotz
here's no regression either. On Apr 30, 2007, at 5:56 PM, Tom Lane wrote: "Henry B. Hotz" <[EMAIL PROTECTED]> writes: Don't you want to maintain some interoperability between 8.2 client/server and 8.3 server/client at least? Hm, you mean that what you called a C

Re: [HACKERS] Fwd: [PATCHES] Preliminary GSSAPI Patches

2007-04-30 Thread Henry B. Hotz
of any platform that supports the "native" Kerb5 API that doesn't also support GSSAPI for the simple reason that a Kerberos-only version of GSSAPI has been bundled with both the MIT and Heimdal distributions for as long as I can remember. On Apr 30, 2007, at 4:48 PM, To

Re: [HACKERS] Fwd: [PATCHES] Preliminary GSSAPI Patches

2007-04-30 Thread Henry B. Hotz
to rip out the existing Kerb5 code. On Apr 30, 2007, at 3:23 PM, Henry B. Hotz wrote: OK, so posted. ;-) To clarify for the larger audience: without the plain "gss" mechanism, the "gss-np" mechanism provides exactly the same functionality as the existing krb5 mecha

[HACKERS] Fwd: [PATCHES] Preliminary GSSAPI Patches

2007-04-30 Thread Henry B. Hotz
Postgres Java client have changed, and they will be using MySQL instead. |-( Given what I've said here, I still feel obligated to provide Java mods, but your timeline will affect mine. Begin forwarded message: From: Bruce Momjian <[EMAIL PROTECTED]> Date: April 30, 2007 2:22:0

Re: [HACKERS] [COMMITTERS] pgsql: Update Solaris FAQ.

2007-02-27 Thread Henry B. Hotz
Would you like a krb5.h file for Solaris 9-10 that will allow you to "break into" the "hidden" library? Also S10u4 won't be out until this summer. I'd say the answer is currently "no". It's known by Sun that Postgres will compile against their Kerberos libraries though. On Feb 23, 2007,

Re: [HACKERS] 5 Weeks till feature freeze or (do you know where your patch is?)

2007-02-27 Thread Henry B. Hotz
On Feb 23, 2007, at 1:24 PM, Joshua D. Drake wrote: Henry Hotz: GSSAPI (with Magnus) Progressing. Had hoped to have alpha patches by March 1, but I just got handed a proposal that I have to do by then. I trust it's OK to send the first version in next week? No real issues, exc

Re: [HACKERS] log ssl mode with connections?

2007-02-21 Thread Henry B. Hotz
Anyone making those kind of decisions probably wants a generic "connection is encrypted" flag. It could be true if a GSSAPI connection has negotiated use of a security layer. Of course I don't have my GSSAPI patches working as well as the SASL ones were yet, and I haven't started on adding

Re: [HACKERS] 10 weeks to feature freeze (Pending Work)

2007-01-29 Thread Henry B. Hotz
On Jan 29, 2007, at 9:49 AM, Magnus Hagander wrote: Henry B. Hotz wrote: Henry B. Hotz: GSSAPI authentication method for C (FE/BE) and Java (FE). Magnus Hagander: SSPI (GSSAPI compatible) authentication method for C (FE) on Windows. (That fair Magnus? Or you want to volunteer for BE

Re: [HACKERS] 10 weeks to feature freeze (Pending Work)

2007-01-27 Thread Henry B. Hotz
tman/Public/kfw/gss/>. It's more places than SASL is. Down side is it doesn't do much that the current Krb5 code doesn't do. Structurally the GSSAPI mods will be very similar to the SASL ones I already did. On Jan 26, 2007, at 7:16 PM, Stephen Frost wrote: * Henry B.

Re: [HACKERS] 10 weeks to feature freeze (Pending Work)

2007-01-26 Thread Henry B. Hotz
Henry B. Hotz: GSSAPI authentication method for C (FE/BE) and Java (FE). Magnus Hagander: SSPI (GSSAPI compatible) authentication method for C (FE) on Windows. (That fair Magnus? Or you want to volunteer for BE support as well?) GSSAPI isn't much more than a functional replacemen

Re: [HACKERS] Design Considerations for New Authentication Methods

2006-11-02 Thread Henry B. Hotz
On Nov 2, 2006, at 12:26 PM, Richard Troy wrote: Well, there's simply no need. While I can agree that more could be done, I'm not convinced there's a need because what we have now works fine. Let me support my view by stating first that I perceive that combining the conception of encrypting

Re: [HACKERS] Design Considerations for New Authentication Methods

2006-11-02 Thread Henry B. Hotz
On Nov 2, 2006, at 11:04 AM, Martijn van Oosterhout wrote: On Thu, Nov 02, 2006 at 10:45:24AM -0800, Henry B. Hotz wrote: In my case I have good control over the Kerberos infrastructure, but none over the Federal PKI infrastructure. I also want the data channel encryption tied to the client

Re: [HACKERS] Design Considerations for New Authentication Methods

2006-11-02 Thread Henry B. Hotz
Sorry about the premature send. On Nov 2, 2006, at 1:18 AM, Magnus Hagander wrote: * Henry B. Hotz ([EMAIL PROTECTED]) wrote: I've been looking at adding SASL or GSSAPI as an auth method. I have some questions about how to handle the flow of control changes. Great! I'd love t

Re: [HACKERS] Design Considerations for New Authentication Methods

2006-11-02 Thread Henry B. Hotz
On Nov 2, 2006, at 1:18 AM, Magnus Hagander wrote: * Henry B. Hotz ([EMAIL PROTECTED]) wrote: I've been looking at adding SASL or GSSAPI as an auth method. I have some questions about how to handle the flow of control changes. Great! I'd love to see that implemented, persona

Re: [HACKERS] Design Considerations for New Authentication Methods

2006-11-01 Thread Henry B. Hotz
On Nov 1, 2006, at 6:33 AM, Stephen Frost wrote: * Henry B. Hotz ([EMAIL PROTECTED]) wrote: I've been looking at adding SASL or GSSAPI as an auth method. I have some questions about how to handle the flow of control changes. Great! I'd love to see that implemented, persona

Re: [HACKERS] Design Considerations for New Authentication Methods

2006-11-01 Thread Henry B. Hotz
On Oct 31, 2006, at 8:34 PM, Tom Lane wrote: "Henry B. Hotz" <[EMAIL PROTECTED]> writes: I notice that all the authentication (pg_fe_sendauth()) is done inside PWConnectPoll(), which sounds like something that isn't expected to block on network access. That's

[HACKERS] Design Considerations for New Authentication Methods

2006-10-31 Thread Henry B. Hotz
I've been looking at adding SASL or GSSAPI as an auth method. I have some questions about how to handle the flow of control changes. When you do one of the above, an authentication is not (necessarily) a simple one-packet exchange. In fact the exchange may involve trying several different

Re: [HACKERS] JAVA Support

2006-09-29 Thread Henry B. Hotz
On Sep 29, 2006, at 12:31 AM, Magnus Hagander wrote: However, that doesn't change that some people would like us to support GSSAPI, and there may be some benefit (additional applications, better network authentication, etc.) for doing so. If we can get additional programmers to code the

Re: [HACKERS] JAVA Support

2006-09-29 Thread Henry B. Hotz
On Sep 28, 2006, at 9:35 PM, Tom Lane wrote: "Joshua D. Drake" <[EMAIL PROTECTED]> writes: Is there any reason why we haven't built a generic authentication API? Something like PAM, except cross platform? We're database geeks, not security/crypto/authentication geeks. What makes you think

Re: [HACKERS] JAVA Support

2006-09-28 Thread Henry B. Hotz
On Sep 28, 2006, at 3:01 PM, Josh Berkus wrote: Kris, I would if we could get some -hackers buy in on the idea. Adding more and more auth methods is something they're not excited about unless there's a good reason (which I think this is). Actually, I've been trying to get some of the Sun e

Re: [HACKERS] JAVA Support

2006-09-28 Thread Henry B. Hotz
On Sep 28, 2006, at 3:03 PM, Josh Berkus wrote: Tom, It would depend in part on the size of the patch, and on whether there are any arguments for supporting GSSAPI besides "Java can't do Kerberos". What would it buy for a libpq user? According to the Solaris Security engineers, GSSAPI is mo

Re: [HACKERS] JAVA Support

2006-09-28 Thread Henry B. Hotz
I cc'ed Tom Lockhart because he *used* to be core, and I know where he works. No response expected. On Sep 28, 2006, at 2:11 PM, Magnus Hagander wrote: f) SASL support is available in current Java as well as C. SASL libraries are included (or at least loadable) on MacOS, Solaris 10+, and Lin

Re: [HACKERS] JAVA Support

2006-09-28 Thread Henry B. Hotz
On Sep 28, 2006, at 2:24 PM, Tom Lane wrote: "Magnus Hagander" <[EMAIL PROTECTED]> writes: As for the other part - will core accept this - I can't answer that. It would depend in part on the size of the patch, and on whether there are any arguments for supporting GSSAPI besides "Java can't d

Re: [HACKERS] JAVA Support

2006-09-28 Thread Henry B. Hotz
On Sep 28, 2006, at 12:42 PM, Magnus Hagander wrote: 2) If I were willing to add a GSSAPI or SASL layer as an alternative to the bare Krb 5 support would anyone be willing to help with the supporting mods to the pg_hba.conf parsing, and configure? Sure, I can help out with that. I've done a b

[HACKERS] Paging Phil Dodderidge

2006-09-28 Thread Henry B. Hotz
There's an old post from Phil about having GSSAPI support "almost working" with PostgreSQL. I'd like to ask him about his work, but the email link in the archives doesn't work. The opinions expressed in this messag

Re: [HACKERS] JAVA Support

2006-09-28 Thread Henry B. Hotz
On Sep 28, 2006, at 10:52 AM, Kris Jurka wrote: On Thu, 28 Sep 2006, Henry B. Hotz wrote: It appears that the JDBC client doesn't include the Kerberos support that the C clients do. Java doesn't have accessible Kerberos support. It wraps Kerberos in GSSAPI which requires

[HACKERS] JAVA Support

2006-09-28 Thread Henry B. Hotz
It appears that the JDBC client doesn't include the Kerberos support that the C clients do. So, two questions: 1) Is there an alternative JDBC client that's just a glue layer instead of a complete re-implementation? 2) If I were willing to add a GSSAPI or SASL layer as an alternative to

Re: [HACKERS] Referencing OLD/NEW Rows on Trigger Definition

2004-08-19 Thread Henry
d copyfuncs.c. Any comments or advice would be appreciated. Henry ---(end of broadcast)--- TIP 8: explain analyze is your friend

[HACKERS] Referencing OLD/NEW Rows on Trigger Definition

2004-08-13 Thread Henry
nd copyfuncs.c Did I miss anything? Could anyone give me advice on the implementation? Thanks. Henry

Re: [HACKERS] Complex/elaborate user-defined base types

2003-10-24 Thread Jean-Henry Berevoescu
s it comes out of the de objectTypeOut function), but the type casted getObject() method fails (I tried the type mapping in different ways, but none seems to work). Thanks in advance for any tip. Jean Jean-Henry Berevoescu wrote: Hi, I am trying to create complex user-defined base types and

Re: [HACKERS] Complex/elaborate user-defined base types

2003-10-24 Thread Jean-Henry Berevoescu
comes out of the de objectTypeOut function), but the type casted getObject() method fails (I tried the type mapping in different ways, but none seems to work). Thanks in advance for any tip. Jean Jean-Henry Berevoescu wrote: Hi, I am trying to create complex user-defined base types and

[HACKERS] Complex/elaborate user-defined base types

2003-10-24 Thread Jean-Henry Berevoescu
Hi, I am trying to create complex user-defined base types and have some difficulties. I started with the examples (complex, point, path) and I had no problem at all creating similar user-defined types, with fixed or variable length. They perform very well in all my tests (inserts, selects and s

Re: [HACKERS] [PORTS] [COMMITTERS] pgsql-server/src/template bsdi freebsd

2003-10-14 Thread Henry B. Hotz
At 10:45 AM -0400 10/9/03, Bruce Momjian wrote: Neil Conway wrote: On Thu, 2003-10-09 at 09:35, Bruce Momjian wrote: > I only put back what was already there --- not sure why others don't use > it. You want it enabled on Linux? Well, why do we have it enabled at all? If it's to speed compilati

Re: [PORTS] Geometry test on NetBSD (was Re: [HACKERS] RC1?)

2002-11-26 Thread Henry B. Hotz
At 1:51 PM -0500 11/20/02, Tom Lane wrote: Patrick Welche <[EMAIL PROTECTED]> writes: On Wed, Nov 20, 2002 at 01:21:47PM -0500, Tom Lane wrote: Ah-hah, so it is a version issue --- we could make the resultmap line something like geometry/.*-netbsd1.[0-5]=geometry-positive-zeros NetBSD/i3

Re: [PORTS] Geometry test on NetBSD (was Re: [HACKERS] RC1?)

2002-11-26 Thread Henry B. Hotz
At 1:15 AM -0500 11/20/02, Tom Lane wrote: Bruce Momjian <[EMAIL PROTECTED]> writes: Tom, can you clarify why -0 is valid. The IEEE spec absolutely thinks that -0 and +0 are distinct entities. I don't remember why, at one in the morning ... but if you insist I'm sure that plenty sufficient num

Re: [HACKERS] Re: Call for platforms

2001-04-09 Thread Henry B. Hotz
At 1:50 AM -0400 4/6/01, Tom Lane wrote: >"Henry B. Hotz" <[EMAIL PROTECTED]> writes: > > Bottom line: 7.1RC1 passes most of the regression tests on > > NetBSD/macppc. > >The only thing that surprised me here was all of the warnings from >libreadline c

[HACKERS] Re: Call for platforms

2001-04-05 Thread Henry B. Hotz
Bottom line: 7.1RC1 passes most of the regression tests on NetBSD/macppc. It's probably good enough for normal use since the differences are not extensive, but someone would need to look at the diff's for longer than the 10 seconds or so I've spent so far, and someone should actually set it

[HACKERS] MacOS X OK, was: Call for platforms

2001-03-31 Thread Henry B. Hotz
>At 5:14 PM + 3/26/01, Thomas Lockhart wrote: >>NetBSD m68k 7.0 2000-04-10, Henry B. Hotz > >I no longer have a 68k machine that's fast enough to reasonably test >PG on. I have a IIcx that sometimes serves as a router, but I'm >using some second-generation p

Re: [HACKERS] 7.1 docs

2001-03-27 Thread He Weiping(Laser Henry)
> > en_GB would be a "British English" translation. I don't think this is > what you wanted to do. > cn_GB, sorry. :-D Regards Laser Henry

[HACKERS] Re: Call for platforms

2001-03-27 Thread Henry B. Hotz
At 5:14 PM + 3/26/01, Thomas Lockhart wrote: >NetBSD m68k 7.0 2000-04-10, Henry B. Hotz I no longer have a 68k machine that's fast enough to reasonably test PG on. I have a IIcx that sometimes serves as a router, but I'm using some second-generation powermac's

Re: [HACKERS] 7.1 docs

2001-03-24 Thread He Weiping(Laser Henry)
f some software package, I still can't generate other format (html, ps etc.) on my machine after upgrade to 7.1, but the old Makefile is ok. don't know why, if put up there, then you can generate other format without problem. Thanks & Regards Laser Henry --

Re: [HACKERS] Re: [INTERFACES] Re: [GENERAL] Chinese patch for Pgaccess

2001-02-22 Thread He Weiping(Laser Henry)
> > > appropriate. There are several encodings for Chinese including > > GB(EUC-CN), Big5, EUC-TW. At least we should be able to distinguish > > them. What about "chinese(GB)" or whatever? > > Renamed to chinese-gb. > I think chinese-gb is ok, thanks! Regards Laser

[HACKERS] Chinese patch for Pgaccess

2001-02-22 Thread He Weiping(Laser Henry)
Hi all: The attachment is the Chinese (GB) patch for PgAccess, don't know if it's correct to post here. It's simple to do the translation, and I've tested in 7.0.2 & current CVS, seems pretty good. If anyone wants this little thing, I'll be very happy. Using it is very simple, just gunzip it and copy