Andres Freund <and...@anarazel.de> writes:
> Have there been discussions about the security effects of this change?
> Previously the server admin could control the timeout, which could
> affect things like syncrep, after this it's not possible anymore. I
> *think* that's ok, but it should be discussed.
Hm. An evil replication connection could already cause all sorts of
operational problems (and I'm not counting grabbing all your data).
Does this add anything much new in that line? It seems like the
effects would be at least in the same ballpark as not sending
hot-standby-feedback messages in a timely fashion.
regards, tom lane
