Re: BUG #15182: Canceling authentication due to timeout aka Denial of Service Attack
Marko Tiikkaja <marko@joh.to>
From: Marko Tiikkaja <marko@joh.to>
To: Jeremy Schneider <schnjere@amazon.com>
Cc: PostgreSQL-development <pgsql-hackers@postgresql.org>, "Albin,
Lloyd P" <lalbin@scharp.org>
Date: 2018-07-20T21:56:13Z
Lists: pgsql-bugs, pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Improve VACUUM and ANALYZE by avoiding early lock queue
- a556549d7e6d 12.0 landed
-
Improve TRUNCATE by avoiding early lock queue
- f841ceb26d70 12.0 landed
-
Restrict access to reindex of shared catalogs for non-privileged users
- 87330e21c327 11.0 landed
- 661dd23950f2 12.0 landed
-
Improve behavior of concurrent CLUSTER.
- cbe24a6dd8fb 9.2.0 cited
On Fri, Jul 20, 2018 at 2:17 AM, Jeremy Schneider <schnjere@amazon.com> wrote: > I'd like to bump this old bug that Lloyd filed for more discussion. It > seems serious enough to me that we should at least talk about it. > > Anyone with simply the login privilege and the ability to run SQL can > instantly block all new incoming connections to a DB including new > superuser connections. > So.. don't VACUUM FULL pg_authid without lock_timeout? I can come up with dozens of ways to achieve the same effect, all of them silly. .m