| From: | Josh Berkus <josh(at)agliodbs(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Cc: | "Merlin Moncure" <mmoncure(at)gmail(dot)com>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com> |
| Subject: | Re: advisory locks and permissions |
| Date: | 2006-09-21 03:15:21 |
| Message-ID: | 200609202015.22103.josh@agliodbs.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
All,
> I vote for locking down to superuser access (lets be frank here: I
> would estimate 90%+ database installatons run with the application as
> root) so we are not losing much.
Not in my experience. Note that making them superuser-only pretty much puts
them out of the hands of hosted applications.
How simple would it be to limit the number of advisory locks available to a
single request? That would at least make the DOS non-trivial. Or to put in
a handle (GUC?) that allows turning advisory locks off?
Hmmm ... I'll bet I could come up with other ways to use generate_series in a
DOS, even without advisory locks ...
--
Josh Berkus
PostgreSQL @ Sun
San Francisco
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2006-09-21 03:17:52 | Re: advisory locks and permissions |
| Previous Message | Bruce Momjian | 2006-09-21 03:13:50 | Re: Release notes |