All,
> I vote for locking down to superuser access (lets be frank here: I
> would estimate 90%+ database installatons run with the application as
> root) so we are not losing much.
Not in my experience. Note that making them superuser-only pretty much puts
them out of the hands of hosted applications.
How simple would it be to limit the number of advisory locks available to a
single request? That would at least make the DOS non-trivial. Or to put in
a handle (GUC?) that allows turning advisory locks off?
Hmmm ... I'll bet I could come up with other ways to use generate_series in a
DOS, even without advisory locks ...
--
Josh Berkus
PostgreSQL @ Sun
San Francisco