David Garamond wrote:
So it is possible for a user connected to the DB to send random commit
or cancel commands, just in case she happens to hit a valid GID?
It is not essentially different from someone trying to bruteforce a
password. A 128bit value like a random GUID is as strong as a 16 char
Alvaro Herrera wrote:
Another approach I've been thinking about is to allow anyone that knows
the (user-supplied) global transaction identifier to finish the
transaction, and hide the gids of running transactions from regular
users. That way, the gid acts as a secret token that's only known by t
Heikki,
> Another approach I've been thinking about is to allow anyone that knows
> the (user-supplied) global transaction identifier to finish the
> transaction, and hide the gids of running transactions from regular users.
> That way, the gid acts as a secret token that's only known by the
> tra
Heikki Linnakangas wrote:
Another approach I've been thinking about is to allow anyone that knows
the (user-supplied) global transaction identifier to finish the
transaction, and hide the gids of running transactions from regular
users. That way, the gid acts as a secret token that's only known
On Wed, 13 Oct 2004, Peter Eisentraut wrote:
Heikki Linnakangas wrote:
What kind of security restrictions do we want for prepared
transactions? Who has the right to finish a transaction that was
started by user A? At least the original user, I suppose, but who
else?
Do we not require transaction in
Heikki Linnakangas wrote:
> What kind of security restrictions do we want for prepared
> transactions? Who has the right to finish a transaction that was
> started by user A? At least the original user, I suppose, but who
> else?
Do we not require transaction initiation and conclusion to happen in
On Wed, Oct 13, 2004 at 11:58:21PM +0700, David Garamond wrote:
> Heikki Linnakangas wrote:
> >Another approach I've been thinking about is to allow anyone that knows
> >the (user-supplied) global transaction identifier to finish the
> >transaction, and hide the gids of running transactions from
Heikki Linnakangas wrote:
What kind of security restrictions do we want for prepared transactions?
Who has the right to finish a transaction that was started by user A? At
least the original user, I suppose, but who else?
Under what account is the transaction manager typically going to run? A
s
Heikki Linnakangas <[EMAIL PROTECTED]> writes:
> What kind of security restrictions do we want for prepared transactions?
> Who has the right to finish a transaction that was started by user A? At
> least the original user, I suppose, but who else?
I would say the original user, any superuser, a
What kind of security restrictions do we want for prepared transactions?
Who has the right to finish a transaction that was started by user A? At
least the original user, I suppose, but who else?
Under what account is the transaction manager typically going to run? A
separate TM account perhaps
10 matches
Mail list logo
