Bruce Momjian <[EMAIL PROTECTED]> writes:
> I assume this patch is to control this way of breaking out of a
> read-only transaction:
> [...]
> This seems like a valuable feature, as others have mentioned.

Why is this feature valuable?

A "read only user" is still able to easily DOS the server, consume
arbitrary disk space[1], and prevent other users from accessing data
(using LOCK, for example). It has been a long-standing fact that
giving a user the ability to execute arbitrary SQL is a security hole;
if you plan to change that, ISTM that a lot more work is necessary.


[1] Whether they are allowed to create temp tables or not: plenty of
other parts of the executor use temporary storage.

---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend

Reply via email to