by WesolyKubeczek 2048 days ago
On MySQL, you can run SLEEP() or BENCHMARK() as a read-only user to your heart's content. You cannot restrict access to these functions, and letting the wide internets play with them will bring your server to its knees by clogging up all connections and hogging up its CPUs.

I wasn't contradicting the bits about DoS attacks, which remain very much a concern, even when no one is malicious.
Solution: Don't use MySQL
PostgreSQL's SQL is Turing-complete. Imagine the possibilities!
All RDBMSs have similar issues with built-in functions. Plus you can easily create pathological queries that do the same.