Excerpts from Charles Pritchard's message of lun nov 08 20:25:21 -0300 2010:
> On 11/8/2010 3:03 PM, Alvaro Herrera wrote:
> > Excerpts from Kevin Grittner's message of lun nov 08 19:30:54 -0300 2010:
> >> David Fetter<david@fetter.org> wrote:
> >>
> >>> That's not proof against a DoS
> >>
> >> What client API is?
> > This spec gives free rein into every web user's system to webmasters.
> > If this isn't terminally dangerous, I don't know what is.
>
> DoS is more-or-less the responsibility of the host to send up alerts like:
> "This page is hanging, do you want to continue..." or otherwise
> automatically close hanging queries.
I classify that kind of approach to security as "terminally dangerous", yes.
> I don't believe the webmaster is granted free rein:
> Disk quotas are enforced, data is separated per origin,
> hanging processes are up to the implementer, and postgres has plenty of
> settings for that.
The day a privilege escalation is found and some webserver runs
"pg_read_file()" on your browser, will be a sad one indeed.
> The default disk quota per origin is generally 5megs; beyond that,
> additional user interaction is requested.
So 5 megs to a.example.com, 5 megs to b.example.com, and so on? Sounds,
eh, great.
--
Álvaro Herrera <alvherre@commandprompt.com>
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support