Andres Freund <and...@anarazel.de> writes: > Have there been discussions about the security effects of this change? > Previously the server admin could control the timeout, which could > affect things like syncrep, after this it's not possible anymore. I > *think* that's ok, but it should be discussed.
Hm. An evil replication connection could already cause all sorts of operational problems (and I'm not counting grabbing all your data). Does this add anything much new in that line? It seems like the effects would be at least in the same ballpark as not sending hot-standby-feedback messages in a timely fashion. regards, tom lane