Search Postgresql Archives

Re: Automating access grants

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I realize that direct access gives an outside user the opportunity to overload the server.  In fact, I am far less worried about malicious DOS-type attacks than I am about plain old incompetence, such as having a buggy script hammer our server with an infinite loop.

BTW, is there a way to configure a PostgreSQL server to abort a query if it takes longer than a certain amount of time, and/or to limit the number of queries allowed per host per unit time (say, per hour)?

That's why registration of a host is mandatory for this access.  Any registered host that violates the TOS gets summarily removed from the allowed hosts list.  (They get a second chance if they convince us that it won't happen again.  No third chance.)

I should point out that the information that we will be serving is readily available from other sources; our service just provides it in a more convenient form.  The data in question is of academic interest only; it has little or no economic value.

At any rate, if we were to do this, we would announce it as an "experimental feature".  If server-overload (whether from malicious attacks, or from inept usage) becomes an intractable problem, we will just retire the service.

That said, for this experimental feature to work at all, it is necessary to have a solid way to automate the granting of access to those servers that request it and meet our conditions.

kj


On 3/15/07, Stephen Frost <sfrost@xxxxxxxxxxx> wrote:
* Kynn Jones (kynnjo@xxxxxxxxx) wrote:
> On 3/15/07, Stephen Frost <sfrost@xxxxxxxxxxx> wrote:
> >* Kynn Jones ( kynnjo@xxxxxxxxx) wrote:
>
> >One big question I have is, is this completely read-only?
>
> Sorry, I should have made this clear: the access we had in mind is
> strictly read-only, and only a subset of the tables at that.

Then I would definitely encourage setting up a webpage to provide the
information..  There's no need to grant access to the database directly,
and for that matter it'll probably be easier for your *users* to get the
data in a portable format directly rather than having to install
something which can talk the PG protocol.

        Enjoy,

                Stephen

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF+TtHrzgMPqB3kigRAkRNAJ9JeWKQ6y2yjqpRxuHMOxRAtZgMwgCglkO7
KllW1Aa2hyYuIFG7tSspSZY=
=xqHu
-----END PGP SIGNATURE-----



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux