Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL

From ngpg@grymmjack.com
Subject Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL
Date
Msg-id Xns92769303646399wn7t0983uom3iu23n@64.49.215.80
In reply to Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-hackers
pgman@candle.pha.pa.us (Bruce Momjian) wrote:

> Sir-* does have a point.  A valid host in pg_hba.conf can cause DOS by
> just connecting over and over, but allocating almost all of the memory
> on the machine would affect other applications running on the machine,
> even non-networked applications, as well as PostgreSQL, while a
> connection DOS affects only PostgreSQL.


oh woe is he the man who does not use rlimits, or perhaps, concurrency 
limits?

it seems this is nothing new, all network available services are subject to
dos or ddos attacks... and if you don't set up limits on your machine, then
other things can be affected... inetd, bind, sendmail, finger, <insert
favorite network accessible program here>, etc...

I do agree that pgsql should not just arbitrarily allocate memory like 
this, as defensive programming, but I cannot agree that this is a bug or 
problem in pgsql per se.

As a side note, if someone wanted to shift the discussion to allowing 
concurrency limits in pgsql, how would/could this fit into the context of 
another thread where it was discussed to be able to always allow certain 
users to log in...

