RI permission problem

From: Kyle <kyle(at)actarg(dot)com>
To: pgsql-sql(at)postgresql(dot)org
Subject: RI permission problem
Date: 2001-04-25 15:57:03
Message-ID: 3AE6F3CF.BE4F1C72@actarg.com
Lists: pgsql-sql

Here's an interesting security problem: Suppose I create two tables:

create table a (
    pk int4 primary key,
    aval text
);

create table b (
    fk int4 references a (pk) on update cascade,
    bval text  -- column type omitted in the original post; text assumed
);

Then I grant a user update to table a but not to table b. He should be
able to modify all the values in a freely, including the primary key (in
practice it is an invoice number that often gets entered incorrectly and
must be corrected.)

But the user should not have update privilege to table b (most
particularly, bval is privileged). But I would like the user to be able
to update the primary key and hence cascade the update to table b.

Is there a way to get this to work without granting update to table b?

Tom, I understand someone was working on setuid functions. Is that a
long way off? It would be nifty if triggers could execute with the
privileges of the user that created them rather than the user who is
executing them. This would help greatly in closing some security holes
like this we are dealing with.

Kyle Bateman
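
The scenario from the message as a self-checking script. This is an added example, not part of the original post; it assumes a current PostgreSQL release, where referential actions run with the privileges of the table owner and SECURITY DEFINER functions are available. The role clerk, the function renumber_invoice and the sample rows are hypothetical, and objects are assumed to land in schema public.

```sql
-- Added example. Run as a superuser in a scratch database; everything is
-- rolled back at the end. "clerk" and renumber_invoice() are hypothetical.
BEGIN;

CREATE TABLE a (pk int4 PRIMARY KEY, aval text);
CREATE TABLE b (fk int4 REFERENCES a (pk) ON UPDATE CASCADE, bval text);
INSERT INTO a VALUES (1001, 'invoice');      -- constructed sample rows
INSERT INTO b VALUES (1001, 'privileged');

CREATE ROLE clerk;
GRANT SELECT, UPDATE ON a TO clerk;   -- SELECT is needed for the WHERE clause
-- Deliberately nothing is granted on b.

-- Setuid-style wrapper: runs with the privileges of its owner, not the caller.
CREATE FUNCTION public.renumber_invoice(old_pk int4, new_pk int4) RETURNS void
LANGUAGE sql SECURITY DEFINER
SET search_path = pg_catalog, pg_temp   -- pin name lookup for definer code
AS $$ UPDATE public.a SET pk = new_pk WHERE pk = old_pk $$;
REVOKE ALL ON FUNCTION public.renumber_invoice(int4, int4) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION public.renumber_invoice(int4, int4) TO clerk;

SET LOCAL ROLE clerk;

-- 1. Correct the key with UPDATE on a only; the cascade writes to b.
UPDATE a SET pk = 1002 WHERE pk = 1001;

-- 2. The same correction through the wrapper function.
SELECT public.renumber_invoice(1002, 1003);

-- 3. A direct write to b must still be refused for clerk.
DO $$
BEGIN
  UPDATE b SET bval = 'tampered';
  RAISE EXCEPTION 'clerk was able to write to b';
EXCEPTION WHEN insufficient_privilege THEN
  RAISE NOTICE 'direct UPDATE on b denied, as intended';
END $$;

RESET ROLE;
SELECT fk, bval FROM b;   -- inspect whether the cascade reached b

ROLLBACK;
```

With the wrapper in place, the grant of UPDATE on a can be dropped as well, leaving clerk with EXECUTE on the function as the only write path.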
