Bruce Momjian <pgman@candle.pha.pa.us> writes:
> I assume this patch is to control this way of breaking out of a
> read-only transaction:
> [...]
> This seems like a valuable feature, as others have mentioned.

Why is this feature valuable?

A "read only user" is still able to easily DOS the server, consume
arbitrary disk space[1], and prevent other users from accessing data
(using LOCK, for example). It has been a long-standing fact that
giving a user the ability to execute arbitrary SQL is a security hole;
if you plan to change that, ISTM that a lot more work is necessary.

-Neil

[1] Whether they are allowed to create temp tables or not: plenty of
other parts of the executor use temporary storage.