On Saturday, December 03, 2011 01:09:48 AM Alvaro Herrera wrote:
> Excerpts from Andres Freund's message of vie dic 02 19:09:47 -0300 2011:
> > Hi all,
> > There is also the point about how permission checks on the actual
> > commands (in comparison of modifying command triggers) and such are
> > handled:
> > BEFORE and INSTEAD will currently be called independently of the fact
> > whether the user is actually allowed to do said action (which is
> > inconsistent with data triggers) and indepentent of whether the object
> > they concern exists.
> > I wonder if anybody considers that a problem?
> Hmm, we currently even have a patch (or is it already committed?) to
> avoid locking objects before we know the user has permission on the
> object. Getting to the point of calling the trigger would surely be
> even worse.
Well, calling the trigger won't allow them to lock the object. It doesn't even
confirm the existance of the table.
In response to
pgsql-hackers by date
|Next:||From: Robert Haas||Date: 2011-12-03 04:55:38|
|Subject: Re: Prep object creation hooks, and related sepgsql updates|
|Previous:||From: Robert Haas||Date: 2011-12-03 00:16:47|
|Subject: Re: Command Triggers|