On Mon, Nov 08, 2010 at 10:36:16AM -0800, Charles Pritchard wrote:
> On 11/8/2010 7:55 AM, Alvaro Herrera wrote:
> >Excerpts from Charles Pritchard's message of sáb nov 06 23:20:13 -0300 2010:
> >
> >>Simple async sql sub-set (the spec in trouble):
> >>http://dev.w3.org/html5/webdatabase/
> >This is insane. This spec allows the server to run arbitrary SQL
> >commands on the client, AFAICT. That seems like infinite joy for
> >malicious people running webservers. The more powerful the dialect
> >of SQL the client implements, the more dangerous it is.
>
> Because of a lack of "interested implementers", the spec does not
> put forward a standard dialect/subset. It simply uses Sqlite.
>
> Obviously, access should be restricted per the security section: a
> given domain may only run commands that modify its own database.
That's not proof against a DoS of the form:
SELECT * FROM generate_series(1,1000000),generate_series(1,1000000),...;
... and that was *before* CTEs made SQL Turing-complete.
Cheers,
David.
--
David Fetter <david@fetter.org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david.fetter@gmail.com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics
Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate