| From: | Andres Freund <andres(at)anarazel(dot)de> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
| Cc: | Pg Hackers <pgsql-hackers(at)postgresql(dot)org>, Dimitri Fontaine <dimitri(at)2ndquadrant(dot)fr> |
| Subject: | Re: Command Triggers |
| Date: | 2011-12-03 00:26:22 |
| Message-ID: | 201112030126.22485.andres@anarazel.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Saturday, December 03, 2011 01:09:48 AM Alvaro Herrera wrote:
> Excerpts from Andres Freund's message of vie dic 02 19:09:47 -0300 2011:
> > Hi all,
> >
> > There is also the point about how permission checks on the actual
> > commands (in comparison of modifying command triggers) and such are
> > handled:
> >
> > BEFORE and INSTEAD will currently be called independently of the fact
> > whether the user is actually allowed to do said action (which is
> > inconsistent with data triggers) and indepentent of whether the object
> > they concern exists.
> >
> > I wonder if anybody considers that a problem?
>
> Hmm, we currently even have a patch (or is it already committed?) to
> avoid locking objects before we know the user has permission on the
> object. Getting to the point of calling the trigger would surely be
> even worse.
Well, calling the trigger won't allow them to lock the object. It doesn't even
confirm the existance of the table.
Andres
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2011-12-03 04:55:38 | Re: Prep object creation hooks, and related sepgsql updates |
| Previous Message | Robert Haas | 2011-12-03 00:16:47 | Re: Command Triggers |