| From: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
|---|---|
| To: | Merlin Moncure <mmoncure(at)gmail(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us>, Josh Berkus <josh(at)agliodbs(dot)com>, pgsql-hackers(at)postgresql(dot)org, "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com> |
| Subject: | Re: advisory locks and permissions |
| Date: | 2006-09-22 15:59:46 |
| Message-ID: | 45140872.8060109@commandprompt.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> there are plenty of other potentially nasty things (like
> generate_series and the ! operator). why are advisory_locks handled
> specially? the way it stands right now is a user with command access
> can DoS a server after five minutes of research on the web.
You don't even have to do any research, just fire off ab.
Using a DOS to attack *any* database server via the web is a 3 second
command.
Joshua D. Drake
--
=== The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
Providing the most comprehensive PostgreSQL solutions since 1997
http://www.commandprompt.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | AgentM | 2006-09-22 16:03:46 | Re: advisory locks and permissions |
| Previous Message | Tom Lane | 2006-09-22 15:37:05 | Re: advisory locks and permissions |