Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> Tom Lane writes:
>> This is perhaps the least undesirable of the choices we have, but it's
>> still a security hole.
> The reason this concerns me is that requiring update rights on the
> referenced table eliminates much the benefit of foreign keys from an
> administration point of view: If the primary keys can be updated freely,
> they no longer constrain the data in the referencing table effectively.
> I suppose we'll have to live with that for now but I'd suggest that it be
> put on the TODO list somewhere.
What we need to do about it is implement the separate REFERENCES right
as specified by SQL92, and then fix FK support to require that right
rather than UPDATE...
regards, tom lane
In response to
pgsql-hackers by date
|Next:||From: Tom Lane||Date: 2000-05-21 17:34:30|
|Subject: Re: plperl and the dynamic loader |
|Previous:||From: Tom Lane||Date: 2000-05-21 17:10:27|
|Subject: Re: MySQL's "crashme" (was Re: Performance) |
pgsql-bugs by date
|Next:||From: Murad Nayal||Date: 2000-05-22 16:42:48|
|Subject: port v7.0 to SGI-IRIX-6.5.7/64|
|Previous:||From: Peter Eisentraut||Date: 2000-05-21 16:45:20|
|Subject: Re: Foreign keys breaks tables permissions |
pgsql-sql by date
|Next:||From: Tom Lane||Date: 2000-05-21 17:58:14|
|Subject: Re: Full text indexing (and errors!) |
|Previous:||From: Mitch Vincent||Date: 2000-05-21 16:59:14|
|Subject: Full text indexing (and errors!)|