Re: libpq compression (part 3)
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Jacob Champion <jacob.champion@enterprisedb.com>
Cc: Jelte Fennema-Nio <postgres@jeltef.nl>,
Jacob Burroughs <jburroughs@instructure.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2024-05-20T17:01:38Z
Lists: pgsql-hackers
On Mon, May 20, 2024 at 12:49 PM Jacob Champion <jacob.champion@enterprisedb.com> wrote: > ...and my response was that, no, the proposal doesn't seem to be > requiring that authentication take place before compression is done. > (As evidenced by your email. :D) If the claim is that there are no > security problems with letting unauthenticated clients force > decompression, then I can try to poke holes in that; I would prefer this approach, so I suggest trying to poke holes here first. If you find big enough holes then... > or if the claim > is that we don't need to worry about that at all because we'll wait > until after authentication, then I can poke holes in that too. My > request is just that we choose one. ...we can fall back to this and you can try to poke holes here. I really hope that you can't poke big enough holes to kill the feature entirely, though. Because that sounds sad. -- Robert Haas EDB: http://www.enterprisedb.com