Skip site navigation (1) Skip section navigation (2)

Re: Foreign keys breaks tables permissions

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: Jan Wieck <wieck(at)debis(dot)com>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>, pgsql-sql(at)postgresql(dot)org
Subject: Re: Foreign keys breaks tables permissions
Date: 2000-05-21 17:12:34
Message-ID: 9733.958929154@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-bugspgsql-hackerspgsql-sql
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> Tom Lane writes:
>> This is perhaps the least undesirable of the choices we have, but it's
>> still a security hole.

> The reason this concerns me is that requiring update rights on the
> referenced table eliminates much the benefit of foreign keys from an
> administration point of view: If the primary keys can be updated freely,
> they no longer constrain the data in the referencing table effectively.

> I suppose we'll have to live with that for now but I'd suggest that it be
> put on the TODO list somewhere.

What we need to do about it is implement the separate REFERENCES right
as specified by SQL92, and then fix FK support to require that right
rather than UPDATE...

			regards, tom lane

In response to

pgsql-hackers by date

Next:From: Tom LaneDate: 2000-05-21 17:34:30
Subject: Re: plperl and the dynamic loader
Previous:From: Tom LaneDate: 2000-05-21 17:10:27
Subject: Re: MySQL's "crashme" (was Re: Performance)

pgsql-bugs by date

Next:From: Murad NayalDate: 2000-05-22 16:42:48
Subject: port v7.0 to SGI-IRIX-6.5.7/64
Previous:From: Peter EisentrautDate: 2000-05-21 16:45:20
Subject: Re: Foreign keys breaks tables permissions

pgsql-sql by date

Next:From: Tom LaneDate: 2000-05-21 17:58:14
Subject: Re: Full text indexing (and errors!)
Previous:From: Mitch VincentDate: 2000-05-21 16:59:14
Subject: Full text indexing (and errors!)

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group