Skip site navigation (1) Skip section navigation (2)

Re: [NOVICE] Question on TRUNCATE privleges

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Thomas Hallgren <thhal(at)mailblocks(dot)com>,PostgreSQL Novice <pgsql-novice(at)postgresql(dot)org>,pgsql-hackers(at)postgresql(dot)org
Subject: Re: [NOVICE] Question on TRUNCATE privleges
Date: 2005-02-24 22:21:29
Message-ID: 200502242221.j1OMLTK24273@candle.pha.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-novice
Tom Lane wrote:
> Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> > Uh, that seems like it adds extra complexity just for this single case.
> 
> Yeah.  I've dropped the idea personally -- the suggestion that the table
> owner can provide a SECURITY DEFINER procedure to do the TRUNCATE if he
> wants to allow others to do it seems to me to cover the problem.
> 
> > Why don't we allow TRUNCATE by non-owners only if no triggers are
> > defined, and if they are defined, we throw an error and mention it is
> > because triggers/contraints exist?
> 
> I don't think we should put weird special cases in the rights checking
> to allow this -- that's usually a recipe for introducing unintended
> security holes.

Yea, good point.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

In response to

pgsql-novice by date

Next:From: Keith WorthingtonDate: 2005-02-24 22:28:08
Subject: Re: [NOVICE] Question on TRUNCATE privleges
Previous:From: Tom LaneDate: 2005-02-24 22:15:42
Subject: Re: [NOVICE] Question on TRUNCATE privleges

pgsql-hackers by date

Next:From: Bruce MomjianDate: 2005-02-24 22:27:25
Subject: Re: [PATCHES] [pgsql-hackers-win32] Repleacement for src/port/snprintf.c
Previous:From: Tom LaneDate: 2005-02-24 22:17:59
Subject: Re: Some download statistics

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group