Skip site navigation (1) Skip section navigation (2)

Re: Command Triggers

From: Andres Freund <andres(at)anarazel(dot)de>
To: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
Cc: Pg Hackers <pgsql-hackers(at)postgresql(dot)org>, Dimitri Fontaine <dimitri(at)2ndquadrant(dot)fr>
Subject: Re: Command Triggers
Date: 2011-12-03 00:26:22
Message-ID: 201112030126.22485.andres@anarazel.de (view raw or flat)
Thread:
Lists: pgsql-hackers
On Saturday, December 03, 2011 01:09:48 AM Alvaro Herrera wrote:
> Excerpts from Andres Freund's message of vie dic 02 19:09:47 -0300 2011:
> > Hi all,
> > 
> > There is also the point about how permission checks on the actual
> > commands (in comparison of modifying command triggers) and such are
> > handled:
> > 
> > BEFORE and INSTEAD will currently be called independently of the fact
> > whether the user is actually allowed to do said action (which is
> > inconsistent with data triggers) and indepentent of whether the object
> > they concern exists.
> > 
> > I wonder if anybody considers that a problem?
> 
> Hmm, we currently even have a patch (or is it already committed?) to
> avoid locking objects before we know the user has permission on the
> object.  Getting to the point of calling the trigger would surely be
> even worse.
Well, calling the trigger won't allow them to lock the object. It doesn't even 
confirm the existance of the table.

Andres

In response to

Responses

pgsql-hackers by date

Next:From: Robert HaasDate: 2011-12-03 04:55:38
Subject: Re: Prep object creation hooks, and related sepgsql updates
Previous:From: Robert HaasDate: 2011-12-03 00:16:47
Subject: Re: Command Triggers

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group