On Wed, Sep 20, 2006 at 07:52:33PM -0400, Tom Lane wrote:
> face up to the possibility of malicious use. For instance, it's not
> very hard to create a DoS situation by running the system out of shared
> lock table space:
Didn't you just say we don't try and protect against DoS? ;P
> The brute force answer is to make those functions superuser-only, but I
> wonder if there is a better way. Perhaps we could just deny public
> execute access on them by default, and let admins grant the privilege to
> whom they trust.
>
> Or we could try to do something about limiting the number of such locks
> that can be granted, but that seems nontrivial to tackle at such a late
> stage of the devel cycle.
ISTM that just restricting default access still leaves a pretty big
foot-gun laying around... perhaps the best compromise would be to do
that for this release and add some kind of a limit in the next release.
--
Jim Nasby jim@nasby.net
EnterpriseDB http://enterprisedb.com 512.569.9461 (cell)