Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1uL1FT-00Gd27-KP for pgsql-hackers@arkaria.postgresql.org; Fri, 30 May 2025 15:02:19 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1uL1FR-002nq3-7y for pgsql-hackers@arkaria.postgresql.org; Fri, 30 May 2025 15:02:17 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1uL1FQ-002npb-TC for pgsql-hackers@lists.postgresql.org; Fri, 30 May 2025 15:02:16 +0000 Received: from mail-ed1-x535.google.com ([2a00:1450:4864:20::535]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1uL1FO-000j6N-2a for pgsql-hackers@lists.postgresql.org; Fri, 30 May 2025 15:02:15 +0000 Received: by mail-ed1-x535.google.com with SMTP id 4fb4d7f45d1cf-60410a9c6dcso3973630a12.1 for ; Fri, 30 May 2025 08:02:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cybertec.at; s=google; t=1748617332; x=1749222132; darn=lists.postgresql.org; h=message-id:date:content-transfer-encoding:content-id:mime-version :comments:references:in-reply-to:subject:cc:to:from:from:to:cc :subject:date:message-id:reply-to; bh=WG1jWDMOEitT9wbgdKAUa7LqW4AQa2s1S9ieMDzbCbs=; b=GX1v0F0onwvbv+3nTlnG89EsPkRQnBGNO9q4TdPCggGLpm2tieNyripjpGzf/XSkb9 Gf/6azCo0AVEkWU8OarBTVNAQWuhxva3JtysBFzwUp8ePlY/4zkvYhxAjcDpvVM4sZ4y tKTnHLgtuBENWpw7RBV6qGyq9P33/IOUP1qhgg32ZXPctxCwwNrVS8d5BhRPz437Fdze TnNiaTEOTKe+4hlIGjTTt4DfDHAIgjWU3JMrQ3d4dv1AxSgj1RzgcEBR1JSZ5fobk5xT fE7iWYGaWycZrT2GoX6KjlwiXfpPPOhQZHPFuNRjQMoM2ZFtr/BVlZpMzf8/aPWrCeoP u5iA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1748617332; x=1749222132; h=message-id:date:content-transfer-encoding:content-id:mime-version :comments:references:in-reply-to:subject:cc:to:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=WG1jWDMOEitT9wbgdKAUa7LqW4AQa2s1S9ieMDzbCbs=; b=Uagj966uJg+/Tpoh30hZkil3UEhic905Zk/srrMKuZAgcMMz7ng6q47wa0LVddIhbF 27Z7IEo8Z1qQWaN9I4qlKnDESus719viUm9SQOFiiAcaTeYVglrdFzXZQxeBFJJcs50X HNNASxjY+N/eyG0ZWJHwe3RaL3DFm0xm4p8yHcRRvup0t1lBdHvoQ4P/snQKZlrEg3Ua sM3epW4vRoUY77fKfu74l2F+MGpmw5Cy0lTkJzLieoKeiLiDiPpZ8/BcjvZVCvw/GT0Z gQdSEwBP2lVnoTQftv8jiPrD0zX39ZHuyjchlMoPu8OJXLFraEQ4Yz4Zj80yojsSvF8X tM8g== X-Gm-Message-State: AOJu0YwpstKfD4cf9MasjPjmsU7bsGtM2QXhhGi4llw02K7z/6PzZPhE WjIqJrGMCduUR3Ai49cittMT2EEQ7Dyv9W6SQYAPPTfcliM7opwiqgZB0J92kK0wAtLOBO0Car6 U4zGw X-Gm-Gg: ASbGncvkNvJWxhA329RT1LpBqHDJfcINTP/yL5zhDGVxg+dPqSff+gYypD3jdjMHCMk vJsHSObWxLTMKBd5p/gE35sOH8wzsxhRlCMHs5LUy06sEgNJhlqjRqepVwm4QExqGS0oOO62eRd 4xVXbFA7bRd/AHCVGiBHoNdftpPDmUwJMscu78MzacsPignsz4hllQD+6HoOtOrUvFSQRtiJzZR +nslHmdNToAieGUqmKKyut7Au/cGhZrYG2IXxL0alxWmCwmpUVeAqRbtZ+Lf7FrZRvrLNmR5yYY q1J2/ckxzyV+AyngEMUCvm9OOede+p8S1T8kk6F0410WVYc0Kxioxfxhkpudm7FRvA== X-Google-Smtp-Source: AGHT+IGoOwF3c2yPlJQpWvV4DglYNP2wbk1g/sARWDggzn2nsRrfVX3x+A8V+3ii/xoEJpAcPKJMnQ== X-Received: by 2002:a17:907:728f:b0:ad2:2e5c:89c5 with SMTP id a640c23a62f3a-adb32285206mr395740566b.20.1748617331788; Fri, 30 May 2025 08:02:11 -0700 (PDT) Received: from localhost (109-81-168-168.rct.o2.cz. [109.81.168.168]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ada5d7fed8bsm341253366b.28.2025.05.30.08.02.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 30 May 2025 08:02:11 -0700 (PDT) From: Antonin Houska To: Greg Sabino Mullane cc: "pgsql-hackers@lists.postgresql.org" Subject: Re: POC: Carefully exposing information without authentication In-reply-to: References: Comments: In-reply-to Greg Sabino Mullane message dated "Thu, 29 May 2025 10:32:57 -0400." X-Mailer: MH-E 8.6+git; nmh 1.8; GNU Emacs 28.3 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <21075.1748617330.1@localhost> Content-Transfer-Encoding: quoted-printable Date: Fri, 30 May 2025 17:02:11 +0200 Message-ID: <21076.1748617331@localhost> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Greg Sabino Mullane wrote: > Proposal: Allow a carefully curated selection of information to be shown= without authentication. > = > A common task for an HA system or a load balancer is to quickly determin= e which of your Postgres clusters is the primary, and which are the > replicas. The canonical way to do this is to log in to each server with = a valid username and password, and then run pg_is_in_recovery(). > That's a lot of work to determine if a server is a replica or not, and i= t struck me that this true/false information about a running cluster is no= t > super-sensitive information. In other words, would it really be wrong if= there was a way to advertise that information without having to log in? > I toyed with the idea of Postgres maintaining some sort of signal file, = but then I realized that we already have a process, listening on a known > port, that has that information available to us. > = > Thus, this POC (proof of concept), which lets the postmaster scan for in= coming requests and quickly handle them *before* doing forking and > authenticating. We scan for a simple trigger string, and immediately ret= urn the information to the client. Why is it important not to fork? My understanding is that pg_is_ready als= o tries to start a regular connection, i.e. forks a new backend. I think thi= s functionality would fit into libpq. (I've got no strong opinion on the amo= unt of information to be revealed this way. In any case, a GUC to enable the feature only if the DBA wants it makes sense.) -- = Antonin Houska Web: https://www.cybertec-postgresql.com