Re: [GENERAL] Security Issues: Allowing Clients to Execute SQL in the Backend.

2014-04-30 Thread Geoff Montee
They don't apply server-wide. They apply to that user's session: http://www.postgresql.org/docs/8.4/interactive/sql-set.html Geoff On Wed, Apr 30, 2014 at 6:19 AM, Hello World wrote: > > SET statement_timeout=0; >> SET work_mem=1024GB; >> > > I just realized about the SET command. > > Isn't i

Re: [GENERAL] Security Issues: Allowing Clients to Execute SQL in the Backend.

2014-04-30 Thread Hello World
> SET statement_timeout=0; > SET work_mem=1024GB; > I just realized about the SET command. Isn't it weird that any user can set parameters such as this that will apply server wide? to all future sessions? I noticed that some of the parameters can only be set by superusers, and some require re-st

Re: [GENERAL] Security Issues: Allowing Clients to Execute SQL in the Backend.

2014-04-30 Thread Albe Laurenz
Hello World wrote: > Denial of service is indeed a problem. Is there a way to limit the execution > time of a request? Yes, setting statement_timeout. But if a client can execute arbitrary statements, that could also be statements like: SET statement_timeout=0; SET work_mem=1024GB; > I'm using
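The two points made in this thread (Geoff: SET only changes the current session; Albe: a client who can run arbitrary SQL can SET statement_timeout back to 0) can be checked directly. The script below is an added example, not code from any of the posters; the role name webquery, the database appdb and the table public.orders are assumptions. It shows a least-privilege role with per-role resource defaults, then how that same role undoes them, and a query to find out which limits the client can override.

```sql
-- Added example (not from the thread). Hypothetical names: role "webquery",
-- database "appdb", table "public.orders". Run as a superuser except where noted.

-- 1. A role that can only read the tables the web tier needs.
CREATE ROLE webquery LOGIN PASSWORD 'change-me'
    NOSUPERUSER NOCREATEDB NOCREATEROLE CONNECTION LIMIT 20;
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
GRANT CONNECT ON DATABASE appdb TO webquery;
GRANT USAGE ON SCHEMA public TO webquery;
GRANT SELECT ON public.orders TO webquery;

-- 2. Per-role defaults, applied when a webquery session starts.
ALTER ROLE webquery SET statement_timeout = '5s';
ALTER ROLE webquery SET work_mem = '4MB';

-- 3. Run these as webquery. The defaults are in force at connect time,
--    but both parameters have "user" context, so the session can undo them.
SHOW statement_timeout;          -- the role default from step 2
SET statement_timeout = 0;       -- timeout disabled, for this session only
SET work_mem = '1GB';
SHOW statement_timeout;          -- now 0 in this session
-- A second connection as webquery still starts with the 5s default:
-- SET never affects other sessions, only a superuser ALTER SYSTEM /
-- postgresql.conf change does.

-- 4. Check, as superuser, which limits the web role can override.
--    context = 'user'      : any session can SET it (statement_timeout, work_mem)
--    context = 'superuser' : only a superuser can change it in-session
--    context = 'postmaster': needs a restart
SELECT name, setting, unit, context
FROM pg_settings
WHERE name IN ('statement_timeout', 'work_mem',
               'temp_file_limit',   -- 9.2+, superuser context
               'max_connections');  -- postmaster context
```

The CONNECTION LIMIT on the role and the superuser/postmaster-context parameters are enforced regardless of what the client sends; anything with "user" context is only a default. That is why the thread ends up with the web server enforcing the time limit itself (asynchronous queries that are cancelled from the libpq side) rather than trusting statement_timeout alone.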

Re: [GENERAL] Security Issues: Allowing Clients to Execute SQL in the Backend.

2014-04-30 Thread Chris Travers
On Wed, Apr 30, 2014 at 12:32 AM, Hello World wrote: > Hello! > > I'm developing a web application that needs to display data from a > postgres backend. > > The most convenient way for the app to get the data is by expressing the > request in SQL. > > I'm thinking about the following architecture

Re: [GENERAL] Security Issues: Allowing Clients to Execute SQL in the Backend.

2014-04-30 Thread Rory Campbell-Lange
On 30/04/14, Hello World (worldani...@gmail.com) wrote: > I'm developing a web application that needs to display data from a postgres > backend. > > The most convenient way for the app to get the data is by expressing the > request in SQL. > > I'm thinking about the following architecture > > [

Re: [GENERAL] Security Issues: Allowing Clients to Execute SQL in the Backend.

2014-04-30 Thread Hello World
Hello, Thank you very much. Denial of service is indeed a problem. Is there a way to limit the execution time of a request? I'm using libpq to communicate with the server. PS. I've just taken a look, it seems I could do some asynchronous queries, time them, then cancel them if they take too lon

Re: [GENERAL] Security Issues: Allowing Clients to Execute SQL in the Backend.

2014-04-30 Thread Albe Laurenz
Hello World wrote: > Given this are there any other security issues about letting client > applications execute arbitrary SQL > commands on the backend database? There shouldn't be any security problems, just be careful that you don't give the user more permissions than you want to. But a user

[GENERAL] Security Issues: Allowing Clients to Execute SQL in the Backend.

2014-04-30 Thread Hello World
Hello! I'm developing a web application that needs to display data from a postgres backend. The most convenient way for the app to get the data is by expressing the request in SQL. I'm thinking about the following architecture [ App/Client ] -> query in SQL ---> [Web server] ---> same SQL q