From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | Marko Kreen <markokr(at)gmail(dot)com> |
Cc: | Bruno Wolff III <bruno(at)wolff(dot)to>, Josh Berkus <josh(at)agliodbs(dot)com>, PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org> |
Subject: | Re: [HACKERS] Inconsistent syntax in GRANT |
Date: | 2006-01-06 17:23:55 |
Message-ID: | 200601061723.k06HNtl09049@candle.pha.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers pgsql-patches |
Marko Kreen wrote:
> On 1/6/06, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> wrote:
> > Bruno Wolff III wrote:
> > > It might be nice to split nextval and currval access as well. nextval access
> > > corresponds to INSERT and currval access to SELECT.
> >
> > Uh, that is already in the code. nextval()/setval() is UPDATE, and
> > currval() is SELECT.
>
> This seems weird. Shouldn't nextval/currval go together and setval
> separately?
Uh, logically, yes, but practially currval just reads/SELECTs, while
nextval modifies/UPDATEs.
> Considering there's no currval() without nextval(), what point
> is disallowing currval() when user is able to call nextval()?
Not sure. I think SET SESSION AUTHORIZATION would make it possible.
> I rather want to allow nextval/currval and disable setval as it
> allows regular user to DoS the database.
Oh, interesting. We could easily have INSERT control that if we wanted,
but I think you have to make a clear use case to override the risk of
breaking applications.
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
From | Date | Subject | |
---|---|---|---|
Next Message | Bruce Momjian | 2006-01-06 17:46:01 | Re: [HACKERS] Inconsistent syntax in GRANT |
Previous Message | Tom Lane | 2006-01-06 17:18:14 | Re: [HACKERS] Inconsistent syntax in GRANT |
From | Date | Subject | |
---|---|---|---|
Next Message | Bruce Momjian | 2006-01-06 17:46:01 | Re: [HACKERS] Inconsistent syntax in GRANT |
Previous Message | Tom Lane | 2006-01-06 17:18:14 | Re: [HACKERS] Inconsistent syntax in GRANT |