> I vote for locking down to superuser access (lets be frank here: I
> would estimate 90%+ database installatons run with the application as
> root) so we are not losing much.

Not in my experience.   Note that making them superuser-only pretty much puts 
them out of the hands of hosted applications.

How simple would it be to limit the number of advisory locks available to a 
single request?  That would at least make the DOS non-trivial.  Or to put in 
a handle (GUC?) that allows turning advisory locks off?

Hmmm ... I'll bet I could come up with other ways to use generate_series in a 
DOS, even without advisory locks ...

Josh Berkus
PostgreSQL @ Sun
San Francisco

---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend

Reply via email to