there are plenty of other potentially nasty things (like
generate_series and the ! operator).  why are advisory_locks handled
specially?   the way it stands right now is a user with command access
can DoS a server after five minutes of research on the web.


You don't even have to do any research, just fire off ab.

Using a DOS to attack *any* database server via the web is a 3 second command.

Joshua D. Drake



--

   === The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
   Providing the most comprehensive  PostgreSQL solutions since 1997
             http://www.commandprompt.com/



---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
      subscribe-nomail command to [EMAIL PROTECTED] so that your
      message can get through to the mailing list cleanly

Reply via email to