Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> ....and that's bad. More generally, the system security policy is
> designed to answer questions about whether it's OK to transition from
> A->B, and the fact that A->B is OK does not mean that B->A is OK, but
> our GUC mechanism pretty much forces you to allow both of those
> things, or neither.
More to the point, a GUC rollback transition *has to always succeed*.
Period. Now, the value that it's trying to roll back to was presumably
considered legitimate at some previous time, but if you're designing a
system that is based purely on state transitions it could very well see
the rollback transition as invalid. That is just going to be too
fragile to be acceptable.
I think that this will have to be set up so that it understands the
difference between a forward transition and a rollback and only checks
the former. If that's not possible, this is not going to get in.
regards, tom lane
In response to
pgsql-hackers by date
|Next:||From: Soules, Craig||Date: 2012-01-31 21:21:38|
|Subject: Re: Issues with C++ exception handling in an FDW|
|Previous:||From: Joey Adams||Date: 2012-01-31 20:47:05|
|Subject: Re: JSON for PG 9.2|