All, > I vote for locking down to superuser access (lets be frank here: I > would estimate 90%+ database installatons run with the application as > root) so we are not losing much.
Not in my experience. Note that making them superuser-only pretty much puts them out of the hands of hosted applications. How simple would it be to limit the number of advisory locks available to a single request? That would at least make the DOS non-trivial. Or to put in a handle (GUC?) that allows turning advisory locks off? Hmmm ... I'll bet I could come up with other ways to use generate_series in a DOS, even without advisory locks ... -- Josh Berkus PostgreSQL @ Sun San Francisco ---------------------------(end of broadcast)--------------------------- TIP 6: explain analyze is your friend
