Neil Conway <neilc@xxxxxxxxxxx> writes:
> A malicious user who can execute SELECT queries can already consume an
> arbitrary amount of memory -- say, by disabling GEQO and self-joining
> pg_class to itself 50 times. I'm not sure that letting users modify
> sort_mem/work_mem actually increases the risk from malicious users.
The correct place for a sysadmin to limit memory usage would be in the
ulimit settings the postmaster starts under. Of course, Neil's argument
still holds in general: anyone who can write arbitrary queries is not
going to have any difficulty in soaking up unreasonable amounts of
resources. Trying to restrict that would probably make the system less
useful rather than more so.
regards, tom lane
---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
joining column's datatypes do not match
