Add an overall timeout on the client authentication cycle, so that

a hung client or lost connection can't indefinitely block a postmaster child (not to mention the possibility of deliberate DoS attacks). Timeout is controlled by new authentication_timeout GUC variable, which I set to 60 seconds by default ... does that seem reasonable?
2025-07-27 12:41:57 +03:00 · 2001-09-21 17:06:12 +00:00
parent e3f5bc3492
commit 35b7601b04
8 changed files with 136 additions and 63 deletions
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.82 2001/09/21 03:32:35 tgl Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.83 2001/09/21 17:06:12 tgl Exp $
 -->

 <Chapter Id="runtime">
@ -1018,6 +1018,20 @@ env PGOPTIONS='-c geqo=off' psql
      </listitem>
     </varlistentry>

+     <varlistentry>
+      <term><varname>AUTHENTICATION_TIMEOUT</varname> (<type>integer</type>)</term>
+      <listitem>
+       <para>
+        Maximum time to complete client authentication, in seconds.
+	If a would-be client has not completed the authentication protocol
+	in this much time, the server unceremoniously breaks the connection.
+	This prevents hung clients from occupying a connection indefinitely.
+	This option can only be set at server start or in the
+	<filename>postgresql.conf</filename> file.
+       </para>
+      </listitem>
+     </varlistentry>
+
     <varlistentry>
      <indexterm>
       <primary>deadlock</primary>