> This assumes you only deal with non-sensitive data (e.g. user profiles).
Not really. You can do row- or column-level permissions. Details very much depend on your DBMS.
> Never mind that, how do you prevent denial of service attacks?
I have no real answer, and I never suggested that I would. Denial of service attacks (deliberate or accidental) are one piece of the "broader concerns" that I very much share.
In theory, a sufficiently advanced DBMS might be able to assign users quotas, and if your users are stable that may be sufficient for some use cases, but I am skeptical.