On 17/02/18 20:48, Olegs Jeremejevs wrote: > Okay, in other words, there's no way to completely defend oneself from > DoS attacks which require having a session? If so, is there a scenario > where some bad actor can create a new user for themselves (to connect > to the database with), and not be able to do anything more damaging > than that? For example, if I can do an SQL injection, then I can do > something more clever than running a CREATE ROLE. And if not, then > there's no point in worrying about privileges in a single-tenant > database? Beyond human error safeguards. > > Olegs How about execution limits, Olegs? Tim Clarke
<<attachment: smime.p7s>>
