Re: Automating access grants

From: "Kynn Jones" <kynnjo(at)gmail(dot)com>
To: "Kynn Jones" <kynnjo(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org
Subject: Re: Automating access grants
Date: 2007-03-15 12:59:02
Message-ID: e2ed8d8c0703150559v1cf73197g4d9679223100f440@mail.gmail.com
Lists: pgsql-general

I realize that direct access gives an outside user the opportunity to
overload the server. In fact, I am far less worried about malicious
DOS-type attacks than I am about plain old incompetence, such as having a
buggy script hammer our server with an infinite loop.

BTW, is there a way to configure a PostgreSQL server to abort a query if it
takes longer than a certain amount of time, and/or to limit the number of
queries allowed per host per unit time (say, per hour)?

That's why registration of a host is mandatory for this access. Any
registered host that violates the TOS gets summarily removed from the
allowed hosts list. (They get a second chance if they convince us that it
won't happen again. No third chance.)

I should point out that the information that we will be serving is readily
available from other sources; our service just provides it in a more
convenient form. The data in question is of academic interest only; it has
little or no economic value.

At any rate, if we were to do this, we would announce it as an "experimental
feature". If server-overload (whether from malicious attacks, or from inept
usage) becomes an intractable problem, we will just retire the service.

That said, for this experimental feature to work at all, it is necessary to
have a solid way to automate the granting of access to those servers that
request it and meet our conditions.

kj

On 3/15/07, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>
> * Kynn Jones (kynnjo(at)gmail(dot)com) wrote:
> > On 3/15/07, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> > >* Kynn Jones (kynnjo(at)gmail(dot)com) wrote:
> >
> > >One big question I have is, is this completely read-only?
> >
> > Sorry, I should have made this clear: the access we had in mind is
> > strictly read-only, and only a subset of the tables at that.
>
> Then I would definitely encourage setting up a webpage to provide the
> information.. There's no need to grant access to the database directly,
> and for that matter it'll probably be easier for your *users* to get the
> data in a portable format directly rather than having to install
> something which can talk the PG protocol.
>
> Enjoy,
>
> Stephen
>
>
>
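
Added example, not part of the original message or of PostgreSQL itself: one way to script the read-only, per-host grant discussed in this thread, validating the registrant's input before it reaches SQL or pg_hba.conf. The database name, table names, role-name pattern and limits are hypothetical.

```python
import ipaddress
import re

# Hypothetical values for illustration; none of them come from the thread.
DATABASE = "pubdata"
READABLE_TABLES = ("genes", "annotations")
AUTH_METHOD = "scram-sha-256"            # use "md5" on servers older than PostgreSQL 10
ROLE_RE = re.compile(r"[a-z][a-z0-9_]{2,30}")


def quote_ident(name: str) -> str:
    """Quote an SQL identifier, doubling any embedded double quotes."""
    return '"' + name.replace('"', '""') + '"'


def grant_plan(role: str, host: str, timeout_ms: int = 30000, max_conn: int = 2):
    """Return (sql_statements, pg_hba_line) for one registered host.

    Raises ValueError if the role name or address fails validation, so
    nothing from a registration form reaches SQL or pg_hba.conf unchecked.
    """
    if not ROLE_RE.fullmatch(role):
        raise ValueError(f"rejected role name: {role!r}")
    addr = ipaddress.ip_address(host)          # ValueError unless a literal IP
    prefix = 32 if addr.version == 4 else 128  # one host only, never a range
    r = quote_ident(role)
    sql = [
        # The password is set out of band, not by this script.
        f"CREATE ROLE {r} LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE "
        f"CONNECTION LIMIT {int(max_conn)};",
        # Session defaults: abort long queries, start transactions read-only.
        f"ALTER ROLE {r} SET statement_timeout = {int(timeout_ms)};",
        f"ALTER ROLE {r} SET default_transaction_read_only = on;",
    ]
    # SELECT on the published subset only; no other privilege is granted.
    sql += [f"GRANT SELECT ON {quote_ident(t)} TO {r};" for t in READABLE_TABLES]
    hba = f"hostssl {DATABASE} {role} {addr}/{prefix} {AUTH_METHOD}"
    return sql, hba


if __name__ == "__main__":
    statements, hba_line = grant_plan("lab_host1", "203.0.113.7")  # constructed input
    print("\n".join(statements))
    print(hba_line)
```

statement_timeout and default_transaction_read_only set this way are session defaults that the role can change with SET, so the SELECT-only grants remain the actual access control. CONNECTION LIMIT caps concurrent sessions, not queries per hour.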
