From 35b7601b0484f8cf73299932b610bba6bcdde387 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Fri, 21 Sep 2001 17:06:12 +0000
Subject: Add an overall timeout on the client authentication cycle, so that a
 hung client or lost connection can't indefinitely block a postmaster child
 (not to mention the possibility of deliberate DoS attacks). Timeout is
 controlled by new authentication_timeout GUC variable, which I set to 60
 seconds by default ... does that seem reasonable?

---
 doc/src/sgml/runtime.sgml | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

(limited to 'doc/src')

diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index 55034494dcb..e6095f26996 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.82 2001/09/21 03:32:35 tgl Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.83 2001/09/21 17:06:12 tgl Exp $
 -->
 
 <Chapter Id="runtime">
@@ -1018,6 +1018,20 @@ env PGOPTIONS='-c geqo=off' psql
       </listitem>
      </varlistentry>
 
+     <varlistentry>
+      <term><varname>AUTHENTICATION_TIMEOUT</varname> (<type>integer</type>)</term>
+      <listitem>
+       <para>
+        Maximum time to complete client authentication, in seconds.
+	If a would-be client has not completed the authentication protocol
+	in this much time, the server unceremoniously breaks the connection.
+	This prevents hung clients from occupying a connection indefinitely.
+	This option can only be set at server start or in the
+	<filename>postgresql.conf</filename> file.
+       </para>
+      </listitem>
+     </varlistentry>
+
      <varlistentry>
       <indexterm>
        <primary>deadlock</primary>
-- 
cgit v1.2.3