On Wed, Mar 1, 2023 at 10:57 AM Masahiko Sawada <sawada.m...@gmail.com> wrote: > > On Wed, Mar 1, 2023 at 1:55 PM Amit Kapila <amit.kapil...@gmail.com> wrote: > > > > > Won't a malicious user can block the > > replication in other ways as well and let the publisher stall (or > > crash the publisher) even without setting min_send_delay? Basically, > > one needs to either disable the subscription or create a > > constraint-violating row in the table to make that happen. If the > > system is exposed for arbitrarily allowing the creation of a > > subscription then a malicious user can create a subscription similar > > to one existing subscription and block the replication due to > > constraint violations. I don't think it would be so easy to bypass the > > current system that a malicious user will be allowed to create/alter > > subscriptions arbitrarily. > > Right. But a difference is that with min_send_delay, it's just to > create a subscription. >
But, currently, only superusers would be allowed to create subscriptions. Even, if we change it and allow it based on some pre-defined role, it won't be allowed to create a subscription arbitrarily. So, not sure, if any malicious user can easily bypass it as you are envisioning it. -- With Regards, Amit Kapila.
