public inbox for [email protected]
help / color / mirror / Atom feedFrom: Antonin Houska <[email protected]>
To: Greg Sabino Mullane <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: POC: Carefully exposing information without authentication
Date: Fri, 30 May 2025 17:02:11 +0200
Message-ID: <21076.1748617331@localhost> (raw)
In-Reply-To: <CAKAnmm+T-CEDLmRezWfH-7ZEsFfD_kU2KY1TgB288K+wprB_4Q@mail.gmail.com>
References: <CAKAnmm+T-CEDLmRezWfH-7ZEsFfD_kU2KY1TgB288K+wprB_4Q@mail.gmail.com>
Greg Sabino Mullane <[email protected]> wrote:
> Proposal: Allow a carefully curated selection of information to be shown without authentication.
>
> A common task for an HA system or a load balancer is to quickly determine which of your Postgres clusters is the primary, and which are the
> replicas. The canonical way to do this is to log in to each server with a valid username and password, and then run pg_is_in_recovery().
> That's a lot of work to determine if a server is a replica or not, and it struck me that this true/false information about a running cluster is not
> super-sensitive information. In other words, would it really be wrong if there was a way to advertise that information without having to log in?
> I toyed with the idea of Postgres maintaining some sort of signal file, but then I realized that we already have a process, listening on a known
> port, that has that information available to us.
>
> Thus, this POC (proof of concept), which lets the postmaster scan for incoming requests and quickly handle them *before* doing forking and
> authenticating. We scan for a simple trigger string, and immediately return the information to the client.
Why is it important not to fork? My understanding is that pg_is_ready also
tries to start a regular connection, i.e. forks a new backend. I think this
functionality would fit into libpq. (I've got no strong opinion on the amount
of information to be revealed this way. In any case, a GUC to enable the
feature only if the DBA wants it makes sense.)
--
Antonin Houska
Web: https://www.cybertec-postgresql.com
view thread (8+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: POC: Carefully exposing information without authentication
In-Reply-To: <21076.1748617331@localhost>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox