Neil Conway <neilc@samurai.com> writes:
> A malicious user who can execute SELECT queries can already consume an
> arbitrary amount of memory -- say, by disabling GEQO and self-joining
> pg_class to itself 50 times. I'm not sure that letting users modify
> sort_mem/work_mem actually increases the risk from malicious users.

The correct place for a sysadmin to limit memory usage would be in the
ulimit settings the postmaster starts under. Of course, Neil's argument
still holds in general: anyone who can write arbitrary queries is not
going to have any difficulty in soaking up unreasonable amounts of
resources. Trying to restrict that would probably make the system less
useful rather than more so.

regards, tom lane