Re: Security Issues: Allowing Clients to Execute SQL in the Backend.

From: Hello World <worldanizer(at)gmail(dot)com>
To: Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, pgsql-general(at)postgresql(dot)org
Subject: Re: Security Issues: Allowing Clients to Execute SQL in the Backend.
Date: 2014-04-30 07:49:37
Message-ID: CAB8jeL=2gvA6uLu1gpvYjL94qnJdX1wsxPzc3LM51NuPbJK-WA@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Hello,

Thank you very much.

Denial of service is indeed a problem. Is there a way to limit the
execution time of a request?

I'm using libpq to communicate with the server.

PS. I've just taken a look, it seems I could do some asynchronous queries,
time them, then cancel them if they take too long.

http://www.postgresql.org/docs/8.4/static/libpq-cancel.html

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Willy-Bas Loos 2014-04-30 08:07:09 importing a messy text file
Previous Message Albe Laurenz 2014-04-30 07:44:08 Re: Security Issues: Allowing Clients to Execute SQL in the Backend.