Re: BUG #15182: Canceling authentication due to timeout aka Denial of Service Attack

Marko Tiikkaja <marko@joh.to>

From: Marko Tiikkaja <marko@joh.to>
To: Jeremy Schneider <schnjere@amazon.com>
Cc: PostgreSQL-development <pgsql-hackers@postgresql.org>, "Albin, Lloyd P" <lalbin@scharp.org>
Date: 2018-07-20T21:56:13Z
Lists: pgsql-bugs, pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Improve VACUUM and ANALYZE by avoiding early lock queue

  2. Improve TRUNCATE by avoiding early lock queue

  3. Restrict access to reindex of shared catalogs for non-privileged users

  4. Improve behavior of concurrent CLUSTER.

On Fri, Jul 20, 2018 at 2:17 AM, Jeremy Schneider <schnjere@amazon.com>
wrote:

> I'd like to bump this old bug that Lloyd filed for more discussion. It
> seems serious enough to me that we should at least talk about it.
>
> Anyone with simply the login privilege and the ability to run SQL can
> instantly block all new incoming connections to a DB including new
> superuser connections.
>

So..  don't VACUUM FULL pg_authid without lock_timeout?

I can come up with dozens of ways to achieve the same effect, all of them
silly.


.m