From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Keith Parks <emkxp01(at)mtcc(dot)demon(dot)co(dot)uk> |
Cc: | pgsql-hackers(at)postgreSQL(dot)org |
Subject: | Re: [HACKERS] VACUUM as a denial-of-service attack |
Date: | 1999-11-29 04:49:15 |
Message-ID: | 12728.943850955@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Keith Parks <emkxp01(at)mtcc(dot)demon(dot)co(dot)uk> writes:
>> From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
>> I think a reasonable answer to this is to restrict VACUUM on any
>> table to be allowed only to the table owner and Postgres superuser.
>> Does anyone have an objection or better idea?
> In the dim and distant past I produced a patch that put vacuum
> into the list of things that you could GRANT on a per-table
> basis. I don't know what effort it would take to rework that
> for current or if it would be worth it.
Thanks for the code, but for now I just threw in a quick pg_ownercheck
call: VACUUM will now vacuum all tables if you are the superuser, else
just the tables you own, skipping the rest with a NOTICE. What you had
looked like more infrastructure than I thought the problem was worth...
I suspect most people will run VACUUMs from the superuser account
anyway...
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 1999-11-29 05:03:24 | Re: [HACKERS] Re: BOUNCE pgsql-ports@postgreSQL.org: Non-member submission from [Joe Brenner <doom@kzsu.stanford.edu>] (fwd) |
Previous Message | Tom Lane | 1999-11-29 04:31:49 | How to get info about deadlocks? |