Hi, > Curt Sampson <[EMAIL PROTECTED]> writes: > > On Fri, 19 Apr 2002, Sander Steffann wrote: > >> I can't think of a reason that [creation of] temp tables should > >> be prevented. > > > Maybe to keep hostile users from filling up your disk? > > That does come to mind --- but if you've let hostile users into > your database, filling your disk is not exactly the smallest problem > they could cause. They can very easily cause DOS problems just based > on overconsumption of CPU cycles, or on crashing your server constantly. > (Cm'on, we all know that can be done.) Even more to the point, is there > nothing in your database that you'd not want published to the entire > world? There's got to be a certain amount of trust level between you > and the persons you allow SQL-command-level access to your database. > If not, you ought to be interposing another level of software. > > My current proposal for schema protection does include a TEMP-table- > creation right ... but to be honest I am not convinced that it'd be > worth the trouble to implement it. Comments anyone?
I see your point, but I think Curt is right... If users are always allowed to make temp tables, you can't give someone real read-only access to the DB. I agree that there has to be more protection to prevent other abuses, but at least the disk is safe. Sander ---------------------------(end of broadcast)--------------------------- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])