Re: Schema (namespace) privilege details
От | Sander Steffann |
---|---|
Тема | Re: Schema (namespace) privilege details |
Дата | |
Msg-id | 000901c1e861$25d9d870$64c8a8c0@balefire10ww обсуждение исходный текст |
Ответ на | Re: Schema (namespace) privilege details (Curt Sampson <cjs@cynic.net>) |
Ответы |
Re: Schema (namespace) privilege details
|
Список | pgsql-hackers |
Hi, > Curt Sampson <cjs@cynic.net> writes: > > On Fri, 19 Apr 2002, Sander Steffann wrote: > >> I can't think of a reason that [creation of] temp tables should > >> be prevented. > > > Maybe to keep hostile users from filling up your disk? > > That does come to mind --- but if you've let hostile users into > your database, filling your disk is not exactly the smallest problem > they could cause. They can very easily cause DOS problems just based > on overconsumption of CPU cycles, or on crashing your server constantly. > (Cm'on, we all know that can be done.) Even more to the point, is there > nothing in your database that you'd not want published to the entire > world? There's got to be a certain amount of trust level between you > and the persons you allow SQL-command-level access to your database. > If not, you ought to be interposing another level of software. > > My current proposal for schema protection does include a TEMP-table- > creation right ... but to be honest I am not convinced that it'd be > worth the trouble to implement it. Comments anyone? I see your point, but I think Curt is right... If users are always allowed to make temp tables, you can't give someone real read-only access to the DB. I agree that there has to be more protection to prevent other abuses, but at least the disk is safe. Sander
В списке pgsql-hackers по дате отправления: