Re: [HACKERS] Inconsistent syntax in GRANT

Marko Kreen wrote:
> On 1/6/06, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> wrote:
> > Bruno Wolff III wrote:
> > > It might be nice to split nextval and currval access as well. nextval access
> > > corresponds to INSERT and currval access to SELECT.
> >
> > Uh, that is already in the code. nextval()/setval() is UPDATE, and
> > currval() is SELECT.
>
> This seems weird. Shouldn't nextval/currval go together and setval
> separately?

Uh, logically, yes, but practially currval just reads/SELECTs, while
nextval modifies/UPDATEs.

> Considering there's no currval() without nextval(), what point
> is disallowing currval() when user is able to call nextval()?

Not sure. I think SET SESSION AUTHORIZATION would make it possible.

> I rather want to allow nextval/currval and disable setval as it
> allows regular user to DoS the database.

Oh, interesting. We could easily have INSERT control that if we wanted,
but I think you have to make a clear use case to override the risk of
breaking applications.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073