| From: | Keith Parks <emkxp01(at)mtcc(dot)demon(dot)co(dot)uk> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org, tgl(at)sss(dot)pgh(dot)pa(dot)us |
| Subject: | Re: [HACKERS] VACUUM as a denial-of-service attack |
| Date: | 1999-11-23 22:18:53 |
| Message-ID: | 199911232218.WAA07783@mtcc.demon.co.uk |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
>From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
>I think a reasonable answer to this is to restrict VACUUM on any
>table to be allowed only to the table owner and Postgres superuser.
>Does anyone have an objection or better idea?
In the dim and distant past I produced a patch that put vacuum
into the list of things that you could GRANT on a per-table
basis. I don't know what effort it would take to rework that
for current or if it would be worth it.
I think your suggestion above would be perfect if you never
need to allow anyone else to vacuum a table.
I'va attached the old patch below.
Keith.
| Attachment | Content-Type | Size |
|---|---|---|
| oldvacacl.diff | text/plain | 12.9 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 1999-11-24 00:44:02 | Cache on pg_statistics |
| Previous Message | Ansley, Michael | 1999-11-23 20:57:29 | RE: AW: [HACKERS] SQL statements: begin and end |