Re: Automating access grants - Mailing list pgsql-general

From Kynn Jones
Subject Re: Automating access grants
Date
Msg-id e2ed8d8c0703150559v1cf73197g4d9679223100f440@mail.gmail.com
In response to Re: Automating access grants  (Stephen Frost <sfrost@snowman.net>)
Responses Re: Automating access grants  (Douglas McNaught <doug@mcnaught.org>)
List pgsql-general
I realize that direct access gives an outside user the opportunity to overload the server.  In fact, I am far less worried about malicious DOS-type attacks than I am about plain old incompetence, such as having a buggy script hammer our server with an infinite loop.

BTW, is there a way to configure a PostgreSQL server to abort a query if it takes longer than a certain amount of time, and/or to limit the number of queries allowed per host per unit time (say, per hour)?

That's why registration of a host is mandatory for this access.  Any registered host that violates the TOS gets summarily removed from the allowed hosts list.  (They get a second chance if they convince us that it won't happen again.  No third chance.)

I should point out that the information that we will be serving is readily available from other sources; our service just provides it in a more convenient form.  The data in question is of academic interest only; it has little or no economic value.

At any rate, if we were to do this, we would announce it as an "experimental feature".  If server-overload (whether from malicious attacks, or from inept usage) becomes an intractable problem, we will just retire the service.

That said, for this experimental feature to work at all, it is necessary to have a solid way to automate the granting of access to those servers that request it and meet our conditions.

kj


On 3/15/07, Stephen Frost <sfrost@snowman.net> wrote:
* Kynn Jones (kynnjo@gmail.com) wrote:
> On 3/15/07, Stephen Frost <sfrost@snowman.net> wrote:
> >* Kynn Jones (kynnjo@gmail.com) wrote:
>
> >One big question I have is, is this completely read-only?
>
> Sorry, I should have made this clear: the access we had in mind is
> strictly read-only, and only a subset of the tables at that.

Then I would definitely encourage setting up a webpage to provide the
information. There's no need to grant access to the database directly,
and for that matter it'll probably be easier for your *users* to get the
data in a portable format directly rather than having to install
something which can talk the PG protocol.

        Enjoy,

                Stephen

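Added example (not part of the thread, and not anything either poster wrote): one way to provision the kind of access discussed above on PostgreSQL, i.e. a login role restricted to SELECT on a chosen subset of tables, with a server-side statement timeout so a looping client script cannot hold a query open indefinitely. The role name `ro_external`, the database `public_data`, the table names and the host address are assumed placeholders.

```sql
-- 1. A login role with no privileges beyond what is granted below,
--    and a cap on concurrent sessions (a crude brake on a runaway client).
CREATE ROLE ro_external LOGIN PASSWORD 'change-me'
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT
    CONNECTION LIMIT 5;

-- 2. Abort any statement from this role that runs longer than 30 seconds.
--    The setting is applied when the session starts. Caveat: statement_timeout
--    is a session-level (USERSET) parameter, so a client can still raise it
--    with SET; this protects against buggy scripts, not against a hostile one.
ALTER ROLE ro_external SET statement_timeout = '30s';

-- 3. Same idea for writes: sessions start read-only by default, but a client
--    can override this too, so the real boundary is the GRANTs in step 4.
ALTER ROLE ro_external SET default_transaction_read_only = on;

-- 4. Least privilege: strip the defaults PUBLIC gets on the database and
--    schema, then grant back only CONNECT, schema USAGE and SELECT on the
--    specific tables that are meant to be published (assumed names).
REVOKE ALL ON DATABASE public_data FROM PUBLIC;
GRANT CONNECT ON DATABASE public_data TO ro_external;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT USAGE ON SCHEMA public TO ro_external;
GRANT SELECT ON TABLE observations, annotations TO ro_external;
-- Tables not listed above, and INSERT/UPDATE/DELETE everywhere, stay denied.

-- 5. Network side (pg_hba.conf, not SQL): one line per registered host,
--    added or removed by the registration script, followed by a reload.
--    The address is an assumed placeholder; md5 was current in 2007,
--    scram-sha-256 is the equivalent on PostgreSQL 10 and later.
--
--    # TYPE  DATABASE     USER         ADDRESS         METHOD
--    host    public_data  ro_external  192.0.2.10/32   md5
--
--    Removing a host's line and reloading (pg_ctl reload, or SIGHUP to the
--    postmaster) is the "summary removal" step; existing sessions from that
--    host are not cut off by the reload and would need pg_terminate_backend().
```

Privilege checks can be confirmed from a session as the role with `SELECT has_table_privilege('ro_external', 'observations', 'INSERT')`, which should return false.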

