| From: | Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-bugs(at)postgresql(dot)org, Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Subject: | Re: BUG #1145: silent REVOKE failures |
| Date: | 2004-05-18 07:10:30 |
| Message-ID: | Pine.LNX.4.58.0405180902400.19985@sablons.cri.ensmp.fr |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Dear Bruce,
> > > Well, if I issue a "REVOKE" and the rights are not revoked and could never
> > > have been because I have no right to issue such statement on the object, I
> > > tend to call this deep absence of success a "failure".
> >
> > > If I do the very opposite GRANT, I have a clear "permission denied".
> >
> > Oh, I thought you were complaining that revoking rights not previously
> > granted should be an error. I agree with the above; in fact it's a
> > duplicate of a previous complaint.
>
> Did we resolve this? Is it a TODO?
No? No?
There has been a lot of off-line discussion about how to interpret the
standard on this point. I'm not even sure we perfectly agreed in the end,
although our understanding of the issues improved a lot through the
discussion. As a summary, it is pretty subtle, especially as the standard
wording is contrived, and postgres does not do what should be done in a
lot of cases. There are also actual "security" bugs.
For the TODO, I would suggest something general:
- fix grant/revoke wrt SQL standard, validate errors, warnings and successes.
--
Fabien Coelho - coelho(at)cri(dot)ensmp(dot)fr
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Federico Di Gregorio | 2004-05-18 08:32:36 | soname of libpq |
| Previous Message | Bruce Momjian | 2004-05-17 19:18:13 | Re: BUG #1145: silent REVOKE failures |