Re: contrib: auth_delay module
Ross Reedstrom <reedstrm@rice.edu>
From: "Ross J. Reedstrom" <reedstrm@rice.edu>
To: Robert Haas <robertmhaas@gmail.com>
Cc: KaiGai Kohei <kaigai@ak.jp.nec.com>, Stephen Frost <sfrost@snowman.net>, Jan Urbański <wulczer@wulczer.org>, Itagaki Takahiro <itagaki.takahiro@gmail.com>, KaiGai Kohei <kaigai@kaigai.gr.jp>, PostgreSQL-Hackers <pgsql-hackers@postgresql.org>
Date: 2010-11-17T15:32:53Z
Lists: pgsql-hackers
On Tue, Nov 16, 2010 at 09:41:37PM -0500, Robert Haas wrote: > On Tue, Nov 16, 2010 at 8:15 PM, KaiGai Kohei <kaigai@ak.jp.nec.com> wrote: > > If we don't need a PoC module for each new hooks, I'm not strongly > > motivated to push it into contrib tree. > > How about your opinion? > > I'd say let it go, unless someone else feels strongly about it. I would use this module (rate limit new connection attempts) as soon as I could. Putting a cap on potential CPU usage on a production DB by either a blackhat or mistake by a developer caused by a mistake in configuration (leaving the port accessible) is definitely useful, even in the face of max_connections. My production apps already have their connections and seldom need new ones. They all use CPU though. Ross -- Ross Reedstrom, Ph.D. reedstrm@rice.edu Systems Engineer & Admin, Research Scientist phone: 713-348-6166 Connexions http://cnx.org fax: 713-348-3665 Rice University MS-375, Houston, TX 77005 GPG Key fingerprint = F023 82C8 9B0E 2CC6 0D8E F888 D3AE 810E 88F0 BEDE