Hello World wrote: > Denial of service is indeed a problem. Is there a way to limit the execution > time of a request?
Yes, setting statement_timeout. But if a client can exectue arbitrary statements, that could also be statements like: SET statement_timeout=0; SET work_mem=1024GB; > I'm using libpq to communicate with the server. > > PS. I've just taken a look, it seems I could do some asynchronous queries, > time them, then cancel them > if they take too long. > > http://www.postgresql.org/docs/8.4/static/libpq-cancel.html That might be a way to avoid that people just reset statement_timeout. Of course someone could start a deadly query and then kill the client before it has a chance to cancel it... Yours, Laurenz Albe -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
