Skip site navigation (1) Skip section navigation (2)

Re: Postgres Permissions Article

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Karsten Hilbert <Karsten(dot)Hilbert(at)gmx(dot)net>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Postgres Permissions Article
Date: 2017-03-29 13:36:07
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-generalpgsql-hackers
Karsten Hilbert <Karsten(dot)Hilbert(at)gmx(dot)net> writes:
> On Tue, Mar 28, 2017 at 09:47:40AM -0700, Paul Jungwirth wrote:
>> I wrote a blog post about the Postgres permissions system, and I thought I'd
>> share:

> Not that I am an expert in any way but here's a thought on
> why a permission on foreign key creation might be useful:

> Being able to create foreign keys may allow to indirectly
> discover whether certain values exists in a table which I
> don't otherwise have access to (by means of failure or
> success to create a judiciously crafted FK).

Aside from that, an FK can easily be used to cause effective
denial-of-service, for example preventing rows from being deleted
within a table, or adding enormous overhead to such a deletion.

			regards, tom lane

In response to


pgsql-hackers by date

Next:From: Peter EisentrautDate: 2017-03-29 13:38:12
Subject: Re: [PATCH] Reduce src/test/recovery verbosity
Previous:From: Michael PaquierDate: 2017-03-29 13:08:03
Subject: Re: Allow interrupts on waiting standby

pgsql-general by date

Next:From: Tom LaneDate: 2017-03-29 13:59:41
Subject: Re: Using relations in the SELECT part
Previous:From: Adrian KlaverDate: 2017-03-29 13:24:25
Subject: Re: How to get correct local time

Privacy Policy | About PostgreSQL
Copyright © 1996-2018 The PostgreSQL Global Development Group