> there are plenty of other potentially nasty things (like
> generate_series and the ! operator). why are advisory_locks handled
> specially? the way it stands right now is a user with command access
> can DoS a server after five minutes of research on the web.
You don't even have to do any research, just fire off ab.
Using a DOS to attack *any* database server via the web is a 3 second
command.
Joshua D. Drake
--
=== The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240 Providing the most comprehensive PostgreSQL
solutionssince 1997 http://www.commandprompt.com/