| From: | Merlin Moncure <mmoncure(at)gmail(dot)com> |
|---|---|
| To: | Fabio Rueda Carrascosa <avances123(at)gmail(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Disallow SET command in a postgresql server |
| Date: | 2013-04-09 16:13:18 |
| Message-ID: | CAHyXU0yU6uT-muKBzOFs3L+14LJdH38kz6cWAoPLQ2fdwwL3zQ@mail.gmail.com |
| Lists: | pgsql-general |
On Tue, Apr 9, 2013 at 10:57 AM, Fabio Rueda Carrascosa
<avances123(at)gmail(dot)com> wrote:
> My grant/revoke architecture is fine, you mean about costly cpu/ram queries?
It has nothing to do with grant/revoke. There are multiple trivial
things a user can do to DOS your server. You can prevent a lot of
them, but it's definitely whack-a-mole. If you don't believe me, try
logging into schemaverse in the next few moments. I just took it
down. It will come up shortly.
The only way I will advise opening up a database to an untrusted user is
through pgbouncer (modified to allow only v3 parameterized queries
that match a whitelist).
merlin
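The kind of filter Merlin describes, as an added illustration that is not part of the thread or of pgbouncer's own code: a Python check that admits a v3 Parse message only when its query text matches a whitelist of parameterized statements, forwards the SQL-free extended-protocol messages, and refuses simple-protocol Query messages and anything malformed. The whitelisted queries and the helper names are hypothetical.

```python
import struct

# Constructed whitelist (hypothetical queries, not from the thread): the only
# parameterized statements the filter forwards.
ALLOWED_QUERIES = {
    "SELECT name, balance FROM accounts WHERE id = $1",
    "UPDATE accounts SET balance = balance + $2 WHERE id = $1",
}
# Extended-protocol messages carrying no SQL text (Bind, Describe, Execute,
# Close, Sync, Flush, Terminate): forwarded unchanged.
PASSTHROUGH_TYPES = {b"B", b"D", b"E", b"C", b"S", b"H", b"X"}

def normalize(sql: str) -> str:
    # Collapse whitespace and drop a trailing ';' so trivial reformatting
    # cannot slip past the exact-match whitelist.
    return " ".join(sql.split()).rstrip(";").strip()

def parse_frontend_message(data: bytes):
    # v3 wire layout: 1-byte type, int32 big-endian length (counts itself), payload.
    if len(data) < 5:
        raise ValueError("truncated message header")
    (length,) = struct.unpack("!I", data[1:5])
    if length < 4 or len(data) != 1 + length:
        raise ValueError("length field does not match message size")
    return data[0:1], data[5:]

def parse_statement_query(payload: bytes) -> str:
    # Parse ('P') payload: cstring statement name, cstring query, int16 count, OIDs.
    name_end = payload.index(b"\x00")
    query_end = payload.index(b"\x00", name_end + 1)
    return payload[name_end + 1:query_end].decode("utf-8")

def allow_message(data: bytes) -> bool:
    """Forward a Parse only if its query is whitelisted, and SQL-free extended
    messages as-is; refuse simple-protocol Query ('Q'), unknown types and
    anything malformed, so ad hoc SET or runaway SELECTs never reach the server."""
    try:
        msg_type, payload = parse_frontend_message(data)
        if msg_type == b"P":
            return normalize(parse_statement_query(payload)) in ALLOWED_QUERIES
    except (ValueError, UnicodeDecodeError):
        return False
    return msg_type in PASSTHROUGH_TYPES

def build_parse_message(query: str, name: str = "") -> bytes:
    # Encode a v3 Parse message with zero declared parameter types (constructed input).
    body = name.encode() + b"\x00" + query.encode() + b"\x00" + struct.pack("!h", 0)
    return b"P" + struct.pack("!I", 4 + len(body)) + body
```

Matching is exact after whitespace normalization, so any statement the filter cannot classify is refused rather than forwarded.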