Skip site navigation (1) Skip section navigation (2)

Re: Command Triggers

From: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
To: Andres Freund <andres(at)anarazel(dot)de>
Cc: Pg Hackers <pgsql-hackers(at)postgresql(dot)org>, Dimitri Fontaine <dimitri(at)2ndquadrant(dot)fr>
Subject: Re: Command Triggers
Date: 2011-12-03 00:09:48
Message-ID: 1322870898-sup-2292@alvh.no-ip.org (view raw or flat)
Thread:
Lists: pgsql-hackers
Excerpts from Andres Freund's message of vie dic 02 19:09:47 -0300 2011:
> Hi all,
> 
> There is also the point about how permission checks on the actual commands (in 
> comparison of modifying command triggers) and such are handled:
> 
> BEFORE and INSTEAD will currently be called independently of the fact whether 
> the user is actually allowed to do said action (which is inconsistent with 
> data triggers) and indepentent of whether the object they concern exists.
> 
> I wonder if anybody considers that a problem?

Hmm, we currently even have a patch (or is it already committed?) to
avoid locking objects before we know the user has permission on the
object.  Getting to the point of calling the trigger would surely be
even worse.

-- 
Álvaro Herrera <alvherre(at)commandprompt(dot)com>
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support

In response to

Responses

pgsql-hackers by date

Next:From: Robert HaasDate: 2011-12-03 00:16:47
Subject: Re: Command Triggers
Previous:From: Robert HaasDate: 2011-12-03 00:02:50
Subject: Re: backup_label during crash recovery: do we know how to solve it?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group