On 17/02/18 20:48, Olegs Jeremejevs wrote:
> Okay, in other words, there's no way to completely defend oneself from
> DoS attacks which require having a session? If so, is there a scenario
> where some bad actor can create a new user for themselves (to connect
> to the database with), and not be able to do anything more damaging
> than that? For example, if I can do an SQL injection, then I can do
> something more clever than running a CREATE ROLE. And if not, then
> there's no point in worrying about privileges in a single-tenant
> database? Beyond human error safeguards.
>
> Olegs
How about execution limits, Olegs?
Tim Clarke