Statement Timeout

Prevent runaway queries.

Overview

Statement timeout is the database setting that aborts queries running longer than a threshold. Without it, one bad query (a missing index, a runaway report, a buggy ORM-generated SQL) can hold a connection indefinitely, exhaust the connection pool, and take down the service. With per-role timeouts (short for OLTP, longer for analytics), the database protects itself: bad queries abort, the pool stays healthy, and the application sees a clean error instead of a hung request.

• Prevent runaway queries. Bad queries abort instead of running forever; the database protects itself from one bad query.
• Connection pool preservation. Slow queries do not exhaust the pool; the application stays responsive even under one runaway.
• Per-role timeouts. OLTP role gets short timeout (5-30 seconds), analytics role gets longer (minutes); each role’s timeout matches its workload.
• Per-statement override plus engine-native. SET LOCAL statement_timeout for justified long queries; PostgreSQL, MySQL, and others all support the pattern natively.

The approach

The practical approach is to set per-role default timeouts (OLTP role 5-30 seconds, analytics role minutes), allow per-statement override for justified long queries (SET LOCAL statement_timeout inside a transaction), monitor cancellations as a leading signal of slow-query problems, and document the per-role timeout policy in the database documentation so the rules are predictable.

• Per-role default. SET statement_timeout in the role configuration; the role inherits the timeout, application code does not need to know.
• OLTP: 5-30 seconds. Short timeouts for production transactional traffic; preserves the pool under runaway-query conditions.
• Analytics: minutes. Longer timeouts for reporting and analytical workloads; matches the actual query duration.
• Per-statement override plus monitor cancellations. SET LOCAL statement_timeout for justified long queries; cancellation logs reveal slow-query problems before they become incidents.

Why this compounds

Statement timeout discipline compounds across services. Each protected role prevents one class of incident permanently; each cancellation logged teaches the team about slow queries before they cause user-visible issues; the database becomes self-protecting rather than dependent on perfect query optimization.

• Incident impact. Bad queries cannot take down the service; the runaway query aborts and the application sees an error rather than a hang.
• Connection pool health. Slow queries do not exhaust capacity; the pool stays healthy through bad-query incidents.
• Application quality. Forces timeout-aware design; the application code handles timeouts as a normal error path.
• Institutional knowledge. Cancellation logs reveal slow queries; the team learns which queries are at risk before users notice.

Statement timeout is an operational discipline that pays off across years. Nova AI Ops integrates with database telemetry, surfaces cancellation patterns, and supports the team’s database engineering discipline.