Mike Mascari <mascarm@mascari.com> writes:
> I'd still think it would be a good policy to make a security release.
> However, without user resource limits in PostgreSQL, anyone can make a
> machine useless with a query like:
>
> SELECT *
> FROM pg_class a, pg_class b, pg_class c, pg_class d, pg_class e, ... ;
But this requires to be able to send arbitrary SQL commands; just
feeding a specially crafted date string usually does not.
--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898